my question is very simple . The link below is a picture about my architecture.
The pic above shows the architecture right now and it works correctly ! which means I could visit apache with url https//apchehost:8080, could not visit the web app with https served by weblogic but I could visit these app with https served by Apache(Apache is proxy server).
My question is why the Apache is configured with ssl but weblogic without ssl works ? I think weblogic should also configured with ssl . If this works , what about security level ? Is the ssl really works if only Apache configured with ssl but Weblogic without it ? Thanks .
condition: Apache 2.2.17 with weblogic module mod_wl_22.so Weblogic: 10.3 OS: Windows server 2003
A setup like this with the web server in a DMZ and the clients unable to access the Weblogic hosts directly is quite common. Client HTTPS connections terminate at the web server on the DMZ and authentication and authorisation takes place there. If this is successful then the connections are proxied as HTTP down to the application layer.
As long as it is not possible for clients to connect to the Weblogic hosts directly then this is quite safe and has the advantage that all of the SSL configuration is in once place on the web server.