[stunnel-users] forcing my untangle server to scan my https traffic
bing
bingb at tcsaa.com
Tue Mar 1 08:21:06 CET 2011
On 2/28/2011 10:36 PM, Scott Gifford wrote:
> On Mon, Feb 28, 2011 at 4:27 PM, Bing H Bang <bingb at tcsaa.com> wrote:
> [ ... ]
>
> What I'm trying to do is accept https traffic, decrypt it, pass it
> through untangle, then encrypt it back as it gets delivered to the
> https port of the web server.
>
> This setup works in that I can point my browser at the https port
> of my untangle server and the web pages work properly.
>
> What doesn't work is the untangle server shows no scanning
> activity when I access the web pages. I think the path
> webserver->untangle->webserver does not trigger the scanning in
> untangle because the traffic it sees is from an internal ip going
> to the same internal ip.
>
>
> Interesting. Can you put another Web server box outside of Untangle
> to decrypt the traffic, then pass it through as normal? That could
> help with performance as well. Or use a second network connection to
> pass the traffic back out to Untangle's external interface?
>
I'd try that if I had another ip address. Also, putting a box in front
of the firewall sounds dangerous.
> Also, do you find that stunnel is able to work reliably doing HTTPS in
> this way? My recollection is that there is some difficulty with
> redirects generated by the Web server, but perhaps something has changed.
>
My website is currently pretty simple. Maybe I'll start seeing problems
when the site gets going for real. Hope not!
> Good luck!
>
> -----Scott.
>