Re: SSL in Reverse-Proxy (Server Accelerator) Mode...

From: Paul Boyer <paul.boyer@dont-contact.us>
Date: Sat, 15 Jul 2000 05:59:11 +0200

I am very interested in such a solution too.
Last time I searched around, I found no Free Software able to do that
in production.

BTW, Microsoft Proxy Server has been able to do HTTPS on the front-end
and HTTP on the back end, for a long time... May be https on both
ends, I don't know (and I do not work with MS proxy server, so I can't
test)

I see 2 main uses of such a thing :
1) on the server side (as you described)
2) on the client side (the proxy server performing a man-in-the-middle
attack)

1) allows for :
* performance: the web server serves http and the SSL stuff is handled
by a dedicated proxy
* security: the front-end doing http, is only a proxy server with no
information on it, that securely request pages from the https back-end
* adaptativeness: for many reasons, the existing web server does http
while we need https, or the server supports only 40/128/more bits SSL
encoding while we need to support an other level of security
(legal/security reasons)

2) allows for
* content-filtering
        -> piracy (wich we do not want)
        -> anti-virus checking on HTTPS downloads, wich is more and more
seriously lacking
        -> content-based authorization (without it, one can deny .mp3
downloads but allow ssl'd .mp3, wich are much worse ! )
* adaptativeness:
        In some special context, we would like to use browsers that are not
able to handle https for many reasons. Would be great to use a proxy
for that.

Paul Boyer

Brian Connolly wrote:
>
> Is this possible?
>
> I noticed that the FAQ claims SSL support, but is slightly ambiguous.
> Could someone explain in detail the level of SSL support avaiable?
>
> (1) Does it support HTTP on the front-end and HTTPS on the back-end? [I
> assume the answer is yes here.]
>
> (2) Does it support HTTPS on the front-end and HTTP on the back-end? [I
> don't know the answer here.]
>
> (3) Does it support HTTPS on the front-end and HTTPS on the back-end?
> [Again, don't know the answer.]
>
> Essentially, I'm looking for a proxy solution that will act as an SSL
> server (ssl on the front-end), as well as an SSL client (SLL on the
> back-end). I want the data to be decrypted at the proxy and then
> recrypted on the back-end, giving me two seperate SSL connections.
>
> Thanks for ur help,
> Bri
Received on Fri Jul 14 2000 - 22:05:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:32 MST