WebApp Sec
mailing list archives
Re: Security tool for monitoring HTTPS traffic?
From: Ivan Ristic <ivanr () webkreator com>
Date: Wed, 25 Feb 2004 10:57:54 +0000
> Are there products that can look inside HTTPS traffic?
Most of the products mentioned can "look" inside the HTTPS
traffic but they are meant to be used by individuals, as
part of assessment. They are not actually looking into this
traffic, rather they are standing in between the client and
the server and only the traffic between them and the server
is encrypted. The rest isn't.
> Some customers don't trust HTTPS traffic going inside the company
> over the proxy! For example, I have heard that a combination of
> squid and apache configuration can do this, but I have never seen it.
It sounds like you need to terminate your traffic on a
different server and then forward unencrypted traffic to the
actual server, at the same time listening to the unencrypted
traffic (using Snort, for example).
With Apache, this is a matter of setting up an SSL server which
will not serve content itself but forward all requests to
another server using mod_proxy (in a reverse proxy setup).
You will find these links useful as they discuss this
in more detail:
http://www.sans.org/rr/papers/35/249.pdf
http://hillside.net/europlop/europlop2003/papers/WorkshopC/C6_SommerladP.pdf
--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
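
The setup described in the message above, sketched as an Apache configuration. This is an added example, not part of the original post; the hostname, certificate paths and backend address are placeholders, and it assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded.

```apache
# Added example: www.example.com, the file paths and 10.0.0.10 are placeholders.
Listen 443

<VirtualHost *:443>
    ServerName www.example.com

    # TLS is terminated here; this host serves no content of its own.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key

    # Reverse proxy only. ProxyRequests Off keeps the server from
    # acting as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Forward every request, unencrypted, to the actual server.
    # The sensor (Snort, for example) listens on this internal hop.
    ProxyPass        / http://10.0.0.10:80/
    ProxyPassReverse / http://10.0.0.10:80/

    # Let the backend know the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

The hop between the proxy and 10.0.0.10 carries cleartext, so it belongs on a segment reachable only by the proxy, the backend and the sensor. The backend will see the proxy's address as the client; the original client address arrives in the X-Forwarded-For header that mod_proxy adds.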