RE: SSL Reverse Proxy

• Previous message: Ali Saifullah Khan: "Re: UNTRUSTED signature in GPG"
• Maybe in reply to: Andrea Cogliati: "SSL Reverse Proxy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Apr 2003 15:22:08 +0200
To: "Daniel Williams" <dwilliams@datainventory.com>

Thank you guys (Daniel, Lucas, Vic and David) for your answers. I really
appreciate your suggestions.

Let's try to be more specific: we already use MS ISA to do the same job,
but we are trying to move to Open Source at the perimeter (basically for
security reason). That's why I particularly like the Apache approach,
provided it'll safely do the job.

By now, the communications between ISA and the backend servers are https
as well. We'd like to replicate the scenario with the new solution too.
So, Daniel, you are impling that Apache is capable to reverse proxy
https to http only and not https to https, aren't you?

What about Squid and Puond? I have had a quick look on them, but I'm
quite sure they won't work here.

Thanks again. Ciao,

Andrea

-----Original Message-----
From: Daniel Williams [mailto:dwilliams@datainventory.com]
Sent: Tuesday, April 29, 2003 11:56 PM
To: Andrea Cogliati
Cc: security-basics@securityfocus.com
Subject: Re: SSL Reverse Proxy

Question, is server A and B configured for https or http?

If server A and B are configured to use http, then you could use Apache.
Apache would terminate your https connections to mydomain.com, [...]

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------

• Previous message: Ali Saifullah Khan: "Re: UNTRUSTED signature in GPG"
• Maybe in reply to: Andrea Cogliati: "SSL Reverse Proxy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: https requests failed ... does this happens will HTTPS sites and with all users? ... MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA ... > When requesting a page with protocol https through service Web proxy, isa ... > ISA version: ISA Server 2000 SP2 ... (microsoft.public.isa) Re: HTTPS not being proxied ... I'm having a problem with HTTPS when going via ISA. ... The browser is set to proxy to the ISA on port 8080 and "Use the same proxy ... IE 6 Has all the latest security patches installed. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Servi ... Can steal any Apache server (http or https) cookies. ... Will Apache fix the error message? ... page specifies the character set of the document. ... (Full-Disclosure) Re: OWA/Exchange/Apache ... was fine using Opera and Netscape as browser, but not Internet Explorer. ... One problem may be that IIS tries "Integrated Windows Authentication" ... This apparently fails through the Apache proxy. ... Another problem may be https vs. http. ... (Security-Basics) Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Servi ... Can steal any Apache server (http or https) cookies. ... Will Apache fix the error message? ... page specifies the character set of the document. ... (Bugtraq)