Security Basics mailing list archives
RE: SSL Reverse Proxy
From: Jason Dixon <jason () argus-networks com>
Date: 30 Apr 2003 13:00:22 -0400
Yes, you could also use Squid in httpd accelerator mode. Have it dump off the SSL, then it can load-balance/proxy to your pool. Squid on OpenBSD/FreeBSD/Linux works great for this, not to mention native drivers for some of the crypto accelerator cards out there. -J. On Wed, 2003-04-30 at 09:22, Andrea Cogliati wrote:
Thank you guys (Daniel, Lucas, Vic and David) for your answers. I really appreciate your suggestions. Let's try to be more specific: we already use MS ISA to do the same job, but we are trying to move to Open Source at the perimeter (basically for security reason). That's why I particularly like the Apache approach, provided it'll safely do the job. By now, the communications between ISA and the backend servers are https as well. We'd like to replicate the scenario with the new solution too. So, Daniel, you are impling that Apache is capable to reverse proxy https to http only and not https to https, aren't you? What about Squid and Puond? I have had a quick look on them, but I'm quite sure they won't work here. Thanks again. Ciao, Andrea -----Original Message----- From: Daniel Williams [mailto:dwilliams () datainventory com] Sent: Tuesday, April 29, 2003 11:56 PM To: Andrea Cogliati Cc: security-basics () securityfocus com Subject: Re: SSL Reverse Proxy Question, is server A and B configured for https or http? If server A and B are configured to use http, then you could use Apache. Apache would terminate your https connections to mydomain.com, [...] --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
-- Jason Dixon Argus Network Systems http://www.argus-networks.com --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- RE: SSL Reverse Proxy Jason Dixon (May 01)