RE: SSL Reverse Proxy

From: Jason Dixon (jason_at_argus-networks.com)
Date: 04/30/03

    To: Andrea Cogliati <AndreaC@gotech.it>
    Date: 30 Apr 2003 13:00:22 -0400
    
    

    Yes, you could also use Squid in httpd accelerator mode. Have it dump
    off the SSL, then it can load-balance/proxy to your pool. Squid on
    OpenBSD/FreeBSD/Linux works great for this, not to mention native
    drivers for some of the crypto accelerator cards out there.

    -J.

    On Wed, 2003-04-30 at 09:22, Andrea Cogliati wrote:
    > Thank you guys (Daniel, Lucas, Vic and David) for your answers. I really
    > appreciate your suggestions.
    >
    > Let's try to be more specific: we already use MS ISA to do the same job,
    > but we are trying to move to Open Source at the perimeter (basically for
    > security reasons). That's why I particularly like the Apache approach,
    > provided it'll safely do the job.
    >
    > By now, the communications between ISA and the backend servers are https
    > as well. We'd like to replicate the scenario with the new solution too.
    > So, Daniel, you are implying that Apache is capable of reverse proxying
    > https to http only and not https to https, aren't you?
    >
    > What about Squid and Pound? I have had a quick look at them, but I'm
    > quite sure they won't work here.
    >
    > Thanks again. Ciao,
    >
    > Andrea
    >
    > -----Original Message-----
    > From: Daniel Williams [mailto:dwilliams@datainventory.com]
    > Sent: Tuesday, April 29, 2003 11:56 PM
    > To: Andrea Cogliati
    > Cc: security-basics@securityfocus.com
    > Subject: Re: SSL Reverse Proxy
    >
    >
    > Question, are server A and B configured for https or http?
    >
    > If server A and B are configured to use http, then you could use Apache.
    > Apache would terminate your https connections to mydomain.com, [...]
    >

    -- 
    Jason Dixon
    Argus Network Systems
    http://www.argus-networks.com
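
Added example, not part of the original message or of the Squid project: a squid.conf sketch of the accelerator setup suggested above, with Squid terminating SSL for mydomain.com and re-encrypting to the backend pool (the https-to-https case Andrea asks about). It assumes Squid 3.x directive spellings; the IP addresses, backend host names and file paths are placeholders.

```conf
# Added example. Squid 3.x-style directives; IPs, names and paths are placeholders.

# Client side: terminate SSL for the public name (accelerator / reverse-proxy mode).
https_port 443 accel defaultsite=mydomain.com cert=/etc/squid/tls/mydomain.pem key=/etc/squid/tls/mydomain.key

# Backend pool: re-encrypt to servers A and B, balanced round-robin.
# sslcafile is the CA that signed the backend certificates; ssldomain is the
# name expected in each backend certificate, since the peers are addressed by IP.
cache_peer 10.0.0.11 parent 443 0 no-query originserver round-robin ssl sslcafile=/etc/squid/tls/backend-ca.pem ssldomain=serverA.internal name=serverA
cache_peer 10.0.0.12 parent 443 0 no-query originserver round-robin ssl sslcafile=/etc/squid/tls/backend-ca.pem ssldomain=serverB.internal name=serverB

# Weak variant to avoid: the hop is encrypted but any certificate is accepted,
# so the proxy cannot tell a real backend from an impostor.
# cache_peer 10.0.0.11 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=serverA

# Serve only the published site, and only through the pool (never fetch direct).
acl published_site dstdomain mydomain.com
http_access allow published_site
http_access deny all
cache_peer_access serverA allow published_site
cache_peer_access serverB allow published_site
never_direct allow all
```

Directive spellings differ between Squid releases, so check the squid.conf reference for the installed version before using this.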