Re: [mod-security-users] mod_security with proxy - HTTP or HTTPS ?
From: Guillermo C. <fla...@gm...> - 2018-04-26 19:06:56
Hi! Edouard!

To be more specific, in your V2 setup you'll have 2 independent SSL sessions/connections:

Internet <== SSL connection 1 ==> Proxy (here, the SSL 1 ends and modsec can see plaintext) <== SSL connection 2 ==> Web Server

You can even use different certificates for the SSL1 and SSL2 connections, and use (or not) client certificates in any of them. This would be totally transparent to modsec.

I'd recommend using the V2 setup (you should consider insider threats, not only external ones).

Best regards!

On 04/26/2018 03:55 PM, Christian Folini wrote:
> Hello Edouard,
>
> It's like Harald explains. The Reverse Proxy decrypts the https traffic and
> ModSecurity sees cleartext http.
>
> Installing ModSec on the RP is the standard setup.
>
> Ahoj,
>
> Christian
>
> On Thu, Apr 26, 2018 at 03:23:38PM -0300, Edouard Guigné wrote:
>> Hello Dear Mod_security users,
>>
>> I installed mod_security on a proxy web server with apache, in order to
>> inspect & protect traffic to a final web server on my LAN.
>>
>> Internet <== HTTPS ==> [PROXY with mod_security] <<=== LAN HTTP ===> [ WEB
>> server]
>>
>> This was the V1 configuration.
>>
>> Then, I changed to V2 :
>>
>> Internet <== HTTPS ==> [PROXY with mod_security] <<=== LAN *HTTP**S* ===> [
>> WEB server]
>>
>> So I wondered if with V2, mod_security is able to inspect the traffic on the
>> proxy server, because the traffic is encrypted in HTTPS.
>>
>> Would it be better to install mod_security on the WEB server instead of the
>> PROXY ?
>>
>> Best Regards,
>>
>> EG
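
The V2 layout discussed in this thread, written out as an Apache reverse-proxy virtual host. This is an added configuration sketch, not a configuration posted by anyone in the thread; the host names, file paths and backend address are placeholders, and it assumes mod_ssl, mod_proxy, mod_proxy_http and mod_security2 are loaded.

```apache
# Added example: reverse proxy with ModSecurity for the "V2" layout.
# Host names, paths and the backend name below are placeholders.
<VirtualHost *:443>
    ServerName www.example.test

    # SSL connection 1: Internet <-> proxy. TLS ends here, so request
    # processing inside this vhost works on cleartext HTTP.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/proxy/frontend.crt
    SSLCertificateKeyFile /etc/ssl/proxy/frontend.key

    # ModSecurity inspects the decrypted request and response here,
    # before the request is re-encrypted for the backend.
    # Deliberately not wrapped in <IfModule>: if mod_security2 is not
    # loaded, Apache refuses to start instead of proxying uninspected.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess On

    # SSL connection 2: proxy <-> web server, a separate TLS session
    # with its own certificate chain.
    SSLProxyEngine on
    SSLProxyCACertificateFile /etc/ssl/proxy/lan-ca.crt
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on
    # Optional client certificate presented to the backend:
    # SSLProxyMachineCertificateFile /etc/ssl/proxy/proxy-client.pem

    ProxyPass        / https://backend.lan.example.test/
    ProxyPassReverse / https://backend.lan.example.test/

    # V1 layout for comparison: same vhost, but cleartext on the LAN leg.
    # ProxyPass        / http://backend.lan.example.test/
    # ProxyPassReverse / http://backend.lan.example.test/
</VirtualHost>
```

Without the `SSLProxyVerify` and `SSLProxyCheckPeer*` directives the second leg is encrypted but the proxy does not authenticate the backend's certificate.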