[mod-security-users] mod_security + apache reverse proxy SSL'd backend
Brought to you by:
victorhora,
zimmerletw
From: cK <cks...@ya...> - 2007-08-03 16:57:42
|
Hi All,=0A I've setup a secure Apache Reverse Proxy with an SSL connectio= n from the client to the reverse proxy with an SSL connection to the backen= d portal server.=0A=0AHere's a "diagram" of my environment and a snippet of= my httd.conf: =0AClient --SSL--> Reverse Proxy (domain.com) --SSL--> Porta= l Server (internal.com) =0A=0A<VirtualHost w2k3std.test.com:443>=0AProxyPre= serveHost On=0ASSLProxyEngine On=0A#SSLProtocol All=0ASSLEngine On=0ASSLCer= tificateFile conf/ssl/w2k3std.test.com.cert=0ASSLCertificateKeyFile conf/ss= l/w2k3std.test.com.key=0A=0AProxyPass /portal https://www.internal.com/port= al=0AProxyPassReverse /portal https://www.domain.com/portal=0A=0AIs it poss= ible to add mod_security into the reverse proxy to do IDS since the traffic= is encrypted to the portal server? I would like to inspect the http traff= ic for xss, etc. Any examples would be appreciated!=0A=0AThanks,=0A=0A-Cal= vin=0A=0A=0A =0A_____________________________________________________= _______________________________=0ABe a better Globetrotter. Get better trav= el answers from someone who knows. Yahoo! Answers - Check it out.=0Ahttp://= answers.yahoo.com/dir/?link=3Dlist&sid=3D396545469 |