https to https proxy search

I have been charged with finding a reverse proxy for our network that will
do https to the client and https to the backend server as well. I see that
Microsoft does http bridging, but I wanted to do it open source for security
and cost effectiveness, but I can't find an open source proxy that will do
this. I've looked into pound, squid, apache, privoxy, and transproxy. Can
anyone suggest a proxy that will do this or should I just go with ISA? Also,
I have to do https backend because of several Cisco software packages
installed - it is impractical to rewrite their links and code. Any ideas
would be much appreciated.


Re: https to https proxy search

Brad Esclavon wrote:


Kinda begs the question of *why* run SSL through to the servers. SSL is a
good way to secure temporary connections across the internet but from the
proxy to the server it's just adding a lot of overhead you don't need - a
secure line or VPN would be a better solution for this hop.

Stunnel will provide an SSL front-end for the proxy (Squid IME is
excellent). I expect it's probably possible to do it with Apache + SSL in
front of (or *as*) the proxy. You could set it up to wrap the connections
to the servers too - but as I said before it's a dumb way to solve the

I'm guessing you've not used ISA much since you are still considering
Microsoft ;)



Re: https to https proxy search


Thanks for the reply. I understand how I "should" set up a VPN or put the
servers in a secure area, but we are trying to proxy Cisco call managers
that don't allow us to do it that way. The new 4.1 CM only allows SSL and
does not officially support proxying. The way we temporarily enabled this is
by removing SSL on the CMs and using pound https->http. We have other
software products that are going to go online soon with only https, so I
need to find a proper way to fix it for good.

Any other ideas would be much appreciated, especially why ISA is not a good
choice (other than the obvious Windows is slow and unsecure)?

thanks- brad

"Colin McKinnon"

Re: https to https proxy search

On Mon, 06 Mar 2006 18:28:55 -0500, Brad Esclavon wrote:


All you say about ISA is right, but you have a much worse problem: any
HTTPS -> HTTPS proxying is essentially a "man in the middle". HTTPS was
designed to allow the client (and optionally the server) to verify the
identity of the other party. By proxying you break that and open yourself
to some potentially unpleasant attacks.
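
An added example, not part of any post in this thread: one way to configure the Apache + SSL arrangement suggested earlier as an HTTPS-to-HTTPS reverse proxy while keeping server identity verification on the proxy-to-backend hop. It assumes Apache 2.4 with mod_ssl, mod_proxy and mod_proxy_http loaded; all hostnames and file paths are placeholders.

```apache
# Added example. proxy.example.com, backend.example.internal and every
# file path below are placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName proxy.example.com

    # Client-facing hop: the proxy terminates HTTPS with its own certificate,
    # so clients authenticate the proxy, not the backend.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/proxy/proxy.example.com.crt
    SSLCertificateKeyFile /etc/ssl/proxy/proxy.example.com.key

    # Backend-facing hop: open a second TLS session to the origin server.
    SSLProxyEngine on

    # SSLProxyVerify defaults to "none", which accepts any certificate the
    # backend (or anything impersonating it) presents. Require a chain to a
    # CA that you control and that issued the backend certificate.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/ssl/proxy/backend-ca.pem

    # Reject a backend certificate whose name does not match the host in
    # the ProxyPass URL, or which has expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPass        / https://backend.example.internal/
    ProxyPassReverse / https://backend.example.internal/
</VirtualHost>
```

With this layout the client can only verify the proxy's certificate; verification of the backend's identity is delegated to the proxy through the `SSLProxy*` directives.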


Re: https to https proxy search


I'm quite certain I've seen something like this done with Apache 1.3
mod_proxy, but it had required a little bit of local add-on code.
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
