Snort mailing list archives

Re: Log HTTP(S) URLs

From: Manu <manu () yms ath cx>
Date: Fri, 16 Mar 2007 11:52:57 +0100

Mark,

thanks a lot for your answer. Well, I don't think that the effort would justify the result.

So maybe I will try some sort of double transparent proxy (one for port 80 and the other for port 443) or something 
else.

Thanks,
Manuel

On Thu, 15 Mar 2007 14:14:40 -0500, "Petersen, Mark" <MPetersen () gs1us org> wrote:

This is a little off topic, but if you really want to do this you can
use an SSL accelerator and terminate the SSL session there.  Then the
request is sent plain text to the webserver(s), offloading SSL overhead
in the process.  I believe there are l

Internet -- SSL Accelerator -(network tap)- Web Server(s)

You can use apache to handle this, look at dedicated hardware, or come
up with your own solution.




-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Log HTTP(S) URLs Manu (Mar 15)
- Re: Log HTTP(S) URLs Patrik Israelsson (Mar 15)
  - Re: Log HTTP(S) URLs Manu (Mar 15)
    - Re: Log HTTP(S) URLs Petersen, Mark (Mar 15)
    - Re: Log HTTP(S) URLs Manu (Mar 16)
    - Re: Log HTTP(S) URLs Jason Haar (Mar 16)
    - Re: Log HTTP(S) URLs Manu (Mar 17)
    - Re: Log HTTP(S) URLs Paul Melson (Mar 19)