RE: SSL Reverse Proxy

[Jason Dixon <jason () argus-networks com>]

Yes, you could also use Squid in httpd accelerator mode.  Have it dump
off the SSL, then it can load-balance/proxy to your pool.  Squid on
OpenBSD/FreeBSD/Linux works great for this, not to mention native 
drivers for some of the crypto accelerator cards out there.

-J.

On Wed, 2003-04-30 at 09:22, Andrea Cogliati wrote:
> Thank you guys (Daniel, Lucas, Vic and David) for your answers. I really
> appreciate your suggestions.
>
> Let's try to be more specific: we already use MS ISA to do the same job,
> but we are trying to move to Open Source at the perimeter (basically for
> security reason). That's why I particularly like the Apache approach,
> provided it'll safely do the job.
>
> By now, the communications between ISA and the backend servers are https
> as well. We'd like to replicate the scenario with the new solution too.
> So, Daniel, you are impling that Apache is capable to reverse proxy
> https to http only and not https to https, aren't you?
>
> What about Squid and Puond? I have had a quick look on them, but I'm
> quite sure they won't work here.
>
> Thanks again. Ciao,
>
> Andrea
>
> -----Original Message-----
> From: Daniel Williams [mailto:dwilliams () datainventory com] 
> Sent: Tuesday, April 29, 2003 11:56 PM
> To: Andrea Cogliati
> Cc: security-basics () securityfocus com
> Subject: Re: SSL Reverse Proxy
>
>
> Question, is server A and B configured for https or http?
>
> If server A and B are configured to use http, then you could use Apache.
> Apache would terminate your https connections to mydomain.com, [...]
>
> ---------------------------------------------------------------------------
> FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
> recognized corporate security certification track, provides a comprehensive 
> prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
> studies and true hands-on utilization 
> of pertinent security tools. For a limited time you can enter for a chance 
> to win one of the latest technological innovations, the SEGWAY HT. 
> Log onto http://www.securityfocus.com/FastTrain-security-basics
> ----------------------------------------------------------------------------
-- 
Jason Dixon
Argus Network Systems
http://www.argus-networks.com


---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------