Home page logo
/

basics logo Security Basics mailing list archives

RE: SSL Reverse Proxy
From: Jason Dixon <jason () argus-networks com>
Date: 30 Apr 2003 13:00:22 -0400

Yes, you could also use Squid in httpd accelerator mode.  Have it dump
off the SSL, then it can load-balance/proxy to your pool.  Squid on
OpenBSD/FreeBSD/Linux works great for this, not to mention native 
drivers for some of the crypto accelerator cards out there.

-J.

On Wed, 2003-04-30 at 09:22, Andrea Cogliati wrote:
Thank you guys (Daniel, Lucas, Vic and David) for your answers. I really
appreciate your suggestions.

Let's try to be more specific: we already use MS ISA to do the same job,
but we are trying to move to Open Source at the perimeter (basically for
security reason). That's why I particularly like the Apache approach,
provided it'll safely do the job.

By now, the communications between ISA and the backend servers are https
as well. We'd like to replicate the scenario with the new solution too.
So, Daniel, you are impling that Apache is capable to reverse proxy
https to http only and not https to https, aren't you?

What about Squid and Puond? I have had a quick look on them, but I'm
quite sure they won't work here.

Thanks again. Ciao,

Andrea

-----Original Message-----
From: Daniel Williams [mailto:dwilliams () datainventory com] 
Sent: Tuesday, April 29, 2003 11:56 PM
To: Andrea Cogliati
Cc: security-basics () securityfocus com
Subject: Re: SSL Reverse Proxy


Question, is server A and B configured for https or http?

If server A and B are configured to use http, then you could use Apache.
Apache would terminate your https connections to mydomain.com, [...]

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------

-- 
Jason Dixon
Argus Network Systems
http://www.argus-networks.com


---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • RE: SSL Reverse Proxy Jason Dixon (May 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault