[stunnel-users] forcing my untangle server to scan my https traffic

bing bingb at tcsaa.com
Tue Mar 1 08:21:06 CET 2011

On 2/28/2011 10:36 PM, Scott Gifford wrote:
> On Mon, Feb 28, 2011 at 4:27 PM, Bing H Bang <bingb at tcsaa.com> wrote:
> [ ... ]
>     What I'm trying to do is accept https traffic, decrypt it, pass it
>     through untangle, then encrypt it back as it gets delivered to the
>     https port of the web server.
>     This setup works in that I can point my browser at the https port
>     of my untangle server and the web pages work properly.
>     What doesn't work is the untangle server shows no scanning
>     activity when I access the web pages. I think the path
>     webserver->untangle->webserver does not trigger the scanning in
>     untangle because the traffic it sees is from an internal IP going
>     to the same internal IP.
> Interesting.  Can you put another Web server box outside of Untangle 
> to decrypt the traffic, then pass it through as normal?  That could 
> help with performance as well.  Or use a second network connection to 
> pass the traffic back out to Untangle's external interface?
I'd try that if I had another IP address. Also, putting a box in front 
of the firewall sounds dangerous.
> Also, do you find that stunnel is able to work reliably doing HTTPS in 
> this way?  My recollection is that there is some difficulty with 
> redirects generated by the Web server, but perhaps something has changed.
My website is currently pretty simple. Maybe I'll start seeing problems 
when the site gets going for real. Hope not!
> Good luck!
> -----Scott.
