Snort mailing list archives
Re: Request for Reverse Proxy Guidance
From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 31 Mar 2010 08:49:02 -0500
Have you looked @ http://www.modsecurity.org/? Regardless of where you position the box if you are passing creds this I think this traffic should remain encrypted on the wire in which case snort will be completely blind to it. Some people may choose to encrypt the front end to a ssl terminating proxy and then have their IDS inspect the unencrypted traffic to the back-end server although imho this is a poor practice. Since you are deploying a reverse proxy anyway, I suggest again that you have a look at mod_security as it comes with some pretty great default rules, and allows you to have much more granular controls over what is allowed in and out of your webapps. Regards, Will On Wed, Mar 31, 2010 at 8:29 AM, Jason Wallace <jason.r.wallace () gmail com> wrote:
Howdy all, I'm looking for some IDS best practice guidance when dealing with a reverse proxy. We have a new application being deployed that needs to be assessable from the Internet via a web interface but also needs to authenticate to AD. To date we do not pass the Windows auth ports from our DMZ to our internal network and I would like to keep it that way. To me that means we probably need to proxy the web traffic from our DMZ to the new system hosted on the inside. If I monitor in front of the proxy I'll see the original Internet src address, with a dest of the proxy, and the original http request. If I monitor behind the proxy I'll see the src as the proxy, the dest as the internal server, and the proxyed http request. If you could only monitor either in front or behind...which would you do? I'm new to reverse proxies so if I'm missing something obvious, please feel free to point this out! Thx, Wally ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Request for Reverse Proxy Guidance Jason Wallace (Mar 31)
- Re: Request for Reverse Proxy Guidance Will Metcalf (Mar 31)