RE: SSL Reverse Proxy

["Andrea Cogliati" <AndreaC () gotech it>]

Thank you guys (Daniel, Lucas, Vic and David) for your answers. I really
appreciate your suggestions.

Let's try to be more specific: we already use MS ISA to do the same job,
but we are trying to move to Open Source at the perimeter (basically for
security reason). That's why I particularly like the Apache approach,
provided it'll safely do the job.

By now, the communications between ISA and the backend servers are https
as well. We'd like to replicate the scenario with the new solution too.
So, Daniel, you are impling that Apache is capable to reverse proxy
https to http only and not https to https, aren't you?

What about Squid and Puond? I have had a quick look on them, but I'm
quite sure they won't work here.

Thanks again. Ciao,

Andrea

-----Original Message-----
From: Daniel Williams [mailto:dwilliams () datainventory com] 
Sent: Tuesday, April 29, 2003 11:56 PM
To: Andrea Cogliati
Cc: security-basics () securityfocus com
Subject: Re: SSL Reverse Proxy


Question, is server A and B configured for https or http?

If server A and B are configured to use http, then you could use Apache.
Apache would terminate your https connections to mydomain.com, [...]

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------