Snort mailing list archives
Re: monitoring https / SSL
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 3 May 2002 08:39:15 +1200
On Thu, May 02, 2002 at 12:51:02PM -0400, Slade Edmonds wrote:
Could anyone direct me to information regarding snorting SSL traffic? Is it just a matter of taking the rules files designed for monitoring standard http port 80 and adding an ssl port to it?
Reverse proxies are your friends... The world talks to you SSL servers, which in reality are reverse proxies and they talk standard HTTP back to the real backend servers. Snort sits in between, and can monitor the HTTP traffic. Works well :-) -- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- monitoring https / SSL Slade Edmonds (May 02)
- Re: monitoring https / SSL Jason Haar (May 02)
- <Possible follow-ups>
- RE: monitoring https / SSL McCammon, Keith (May 02)
- RE: monitoring https / SSL Matt Kettler (May 02)