[stunnel-users] forcing my untangle server to scan my https traffic

bing bingb at tcsaa.com
Tue Mar 1 08:21:06 CET 2011


On 2/28/2011 10:36 PM, Scott Gifford wrote:
> On Mon, Feb 28, 2011 at 4:27 PM, Bing H Bang <bingb at tcsaa.com> wrote:
> [ ... ]
>
>     What I'm trying to do is accept https traffic, decrypt it, pass it
>     through untangle, then encrypt it back as it gets delivered to the
>     https port of the web server.
>
>     This setup works in that I can point my browser at the https port
>     of my untangle server and the web pages work properly.
>
>     What doesn't work is the untangle server shows no scanning
>     activity when I access the web pages. I think the path
>     webserver->untangle->webserver does not trigger the scanning in
>     untangle because the traffic it sees is from an internal IP going
>     to the same internal IP.
>
>
> Interesting.  Can you put another Web server box outside of Untangle 
> to decrypt the traffic, then pass it through as normal?  That could 
> help with performance as well.  Or use a second network connection to 
> pass the traffic back out to Untangle's external interface?
>
I'd try that if I had another IP address. Also, putting a box in front 
of the firewall sounds dangerous.
> Also, do you find that stunnel is able to work reliably doing HTTPS in 
> this way?  My recollection is that there is some difficulty with 
> redirects generated by the Web server, but perhaps something has changed.
>
My website is currently pretty simple. Maybe I'll start seeing problems 
when the site gets going for real. Hope not!
> Good luck!
>
> -----Scott.
>
