Re: [mod-security-users] mod_security with proxy - HTTP or HTTPS ?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_security with proxy - HTTP or HTTPS ?
|
From: Christian F. <chr...@ne...> - 2018-04-26 18:56:12
|
Hello Edouard, It's like Harald explains. The Reverse Proxy decrypts the https traffic and ModSecurity sees cleartext http. Installing ModSec on the RP is the standard setup. Ahoj, Christian On Thu, Apr 26, 2018 at 03:23:38PM -0300, Edouard Guigné wrote: > Hello Dear Mod_security users, > > I installed mod_security on a proxy web server with apache, in order to > inspect & protect traffic to a final web serveur on my LAN. > > Internet <== HTTPS ==> [PROXY with mod_security] <<=== LAN HTTP ===> [ WEB > server] > > This was the V1 configuration. > > Then, I changed to V2 : > > Internet <== HTTPS ==> [PROXY with mod_security] <<=== LAN *HTTP**S* ===> [ > WEB server] > > So I wondered if with V2, mod_security is able to inspect the traffic on the > proxy server, because the traffic is encrypted in HTTPS. > > Should I better to install mod_security on the WEB server instead of the > PROXY ? > > Best Regards, > > EG > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
