<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    On 2/28/2011 10:36 PM, Scott Gifford wrote:
    <blockquote
      cite="mid:AANLkTi=wQvnc0WMmcwT9EZgaAfFC_bgtzxAkJFJdt=Fk@mail.gmail.com"
      type="cite">On Mon, Feb 28, 2011 at 4:27 PM, Bing H Bang <span
        dir="ltr"><<a moz-do-not-send="true"
          href="mailto:bingb@tcsaa.com">bingb@tcsaa.com</a>></span>
      wrote:
      <div>[ ... ]<br>
        <div>
          <div class="gmail_quote">
            <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
              0.8ex; border-left: 1px solid rgb(204, 204, 204);
              padding-left: 1ex;">
              What I'm trying to do is accept https traffic, decrypt it,
              pass it through untangle, then encrypt it back as it gets
              delivered to the https port of the web server.<br>
              <br>
              This setup works in that I can point my browser at the
              https port of my untangle server and the web pages work
              properly.<br>
              <br>
              What doesn't work is the untangle server shows no scanning
              activity when I access the web pages. I think the path
              webserver->untangle->webserver does not trigger the
              scanning in untangle because the traffic it sees is from
              an internal ip going to the same internal ip.<br>
            </blockquote>
            <div><br>
            </div>
            <div>Interesting.  Can you put another Web server box
              outside of Untangle to decrypt the traffic, then pass it
              through as normal?  That could help with performance as
              well.  Or use a second network connection to pass the
              traffic back out to Untangle's external interface?</div>
            <div><br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    I'd try that if I had another ip address. Also, putting a box in
    front of the firewall sounds dangerous.<br>
    <blockquote
      cite="mid:AANLkTi=wQvnc0WMmcwT9EZgaAfFC_bgtzxAkJFJdt=Fk@mail.gmail.com"
      type="cite">
      <div>
        <div>
          <div class="gmail_quote">
            <div>Also, do you find that stunnel is able to work reliably
              doing HTTPS in this way?  My recollection is that there is
              some difficulty with redirects generated by the Web
              server, but perhaps something has changed.</div>
            <div><br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    My website is currently pretty simple. Maybe I'll start seeing
    problems when the site gets going for real. Hope not!<br>
    <blockquote
      cite="mid:AANLkTi=wQvnc0WMmcwT9EZgaAfFC_bgtzxAkJFJdt=Fk@mail.gmail.com"
      type="cite">
      <div>
        <div>
          <div class="gmail_quote">
            <div>Good luck!</div>
            <div><br>
            </div>
            <div>-----Scott.</div>
            <div><br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>