[ic] Running Interchange w/ a separate secure server

Jason Kohles interchange-users@interchange.redhat.com
Fri Dec 14 21:04:00 2001


On Fri, Dec 14, 2001 at 05:51:31PM -0600, Jonathan Smith wrote:
> Well, I'll reply to my own message. :>  tlink.pl seems to be a method
> to allow HTTP redirection/proxy from a secure server to an Interchange
> server (am I right)?  WebTen supports this directly - I need to know
> something though -
> 
This isn't exactly what tlink does, but the proxy idea is an interesting
one, which you may actually be able to get to work.

> Does Interchange dynamically generate page where a customer enters 
> CC# or is it a static page that is referenced?  If it's a static page 
> where in the catalog is it located?
> 
The page that deals with this is in pages/ord/checkout.html, but if you
are using WebTen as a real reverse proxy, you should configure it to
proxy any requests for the secure server to the same page on the non-secure
server (just make sure the servers are connected in a way that the traffic
between them cannot be intercepted, ideally with a second NIC card in each
machine connected with a crossover cable).  By proxying any request, you
can simply let Interchange worry about which pages need to get redirected
to the secure server, rather than trying to keep a list up to date (this
way you can also secure your admin interface).

> Basically - I can have webten proxy for the Interchange server.  That 
> way everything going out to the internet is going to be secure. 
> However I need to find out:
> 
> If the page(s) that would need to be encrypted (anything with the CC# 
> on it) are static pages.
> Can I modify Interchange so instead of generating links like 
> http://interchange.isp.com/cc-order.html it will generate 
> http://secure.isp.com/cc-order.html?

Yes, this is what the VendURL and SecureURL variables are for.

> 
> I've read bits of the FAQ 
> (http://interchange.redhat.com/cgi-bin/ic/docfly.html?mv_arg=icfaq04%2e02) 
> but it doesn't seem to exactly answer the question.
> 
I think that's because nobody has ever tried this before  =)

-- 
Jason Kohles                                 jkohles@redhat.com
Senior System Architect                      (703)786-8036 (cellular)
Red Hat Professional Consulting              (703)456-2940 (office)
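
Added example, not part of the original message: a small check that a rendered checkout page only submits the card number to the secure host once VendURL and SecureURL are split across two servers as discussed above. The hostnames are the ones used in the thread; the card field name, the URL paths and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SECURE_HOST = "secure.isp.com"         # secure server name used in the thread
CARD_FIELD = "mv_credit_card_number"   # assumed name of the card-number input


class FormAudit(HTMLParser):
    """Record each form's action and whether it contains the card field."""

    def __init__(self):
        super().__init__()
        self.forms = []    # entries are [action, has_card_field]
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("name") or "").lower() == CARD_FIELD:
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def insecure_card_forms(page_url, html):
    """Return resolved targets of card forms not posting to https://SECURE_HOST."""
    audit = FormAudit()
    audit.feed(html)
    bad = []
    for action, has_card in audit.forms:
        if not has_card:
            continue
        # A relative or empty action inherits scheme and host from the page.
        target = urlsplit(urljoin(page_url, action))
        if target.scheme != "https" or target.hostname != SECURE_HOST:
            bad.append(target.geturl())
    return bad


# Constructed sample pages (paths are placeholders, not Interchange's own).
CARD = '<input name="mv_credit_card_number">'
GOOD = '<form action="https://secure.isp.com/cgi-bin/catalog/process">' + CARD + '</form>'
BAD = '<form action="http://interchange.isp.com/cgi-bin/catalog/process">' + CARD + '</form>'
RELATIVE = '<form action="process">' + CARD + '</form>'
SEARCH = '<form action="http://interchange.isp.com/cgi-bin/catalog/search"><input name="q"></form>'
```

Run it against the checkout page as fetched through both hostnames; a relative form action on a page served from the non-secure host is reported as well.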