Topic: File Transfer Over SSL

[apishdad]

is there any specific switches that need to be enabled asides from timeouts for a successful file transfer to take place over a Secure Socket Layer.

My Apache server is accessing a third party vendor that has a API library and it is making API calls to that vendor, all calls return what they are supposed to return except when it comes to file transfers. It gives a page 403 error, saying "Access Forbidden" and I am wondering whether there are any particular ciphers that must be enabled for proper file transfer to take place.

[tangent]

I think you've answered your own question to some extent, in that you say "all calls return what they are supposed to", excepting file transfers.

The 403 error indicates the user request is forbidden, meaning the third party server understood the data request, but declined it. So this doesn't sound like an issue with the SSL connection or configuration per se, but rather user authentication/authorisation, since presumably the third party site doesn't allow anonymous access to these files.

So how are user credentials being passed across to the back end? Through header cookies, query string parameters, message body, etc.?

Does your Apache configuration have any mod_rewrite or other header manipulation logic that could affect that detail being carried across to the back-end via your proxy?

It may help others respond if you are able to post your Apache configuration details (suitably anonymized), to https://apaste.info