Snort mailing list archives

Re: monitoring https / SSL

From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 3 May 2002 08:39:15 +1200

On Thu, May 02, 2002 at 12:51:02PM -0400, Slade Edmonds wrote:

Could anyone direct me to information regarding snorting SSL traffic?  Is it
just a matter of taking the rules files designed for monitoring standard
http port 80 and adding an ssl port to it?


Reverse proxies are your friends...

The world talks to you SSL servers, which in reality are reverse proxies and
they talk standard HTTP back to the real backend servers. Snort sits in
between, and can monitor the HTTP traffic.

Works well :-)

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

monitoring https / SSL Slade Edmonds (May 02)
- Re: monitoring https / SSL Jason Haar (May 02)
- <Possible follow-ups>
- RE: monitoring https / SSL McCammon, Keith (May 02)
- RE: monitoring https / SSL Matt Kettler (May 02)