
Re: restricting wireless access



martin f krafft, 2003-Jan-13 11:23 +0100:
> also sprach Jeff <jcoppock1@attbi.com> [2003.01.12.1953 +0100]:
> > Thinking about it, what I described above really isn't a proxy but
> > rather an offload of the SSL part of HTTPS.  However, the clear text
> > HTTP on the backend could then be proxied.  I've not seen this done
> > though.
> 
> I know this is possible. But you are giving up one big feature of SSL:
> The authenticity check of the peer. In any case, this is only really
> applicable to reverse proxying. I want a forward proxy, if at all.

If by peer you mean client authentication, that would also be done by
the SSL offload server.  The SSL offloader handles all the server and
client authentication process and the encryption processes.  The
webserver, being on a protected network, assumes that all http traffic
reaching it is trusted.  However, as you state, I'm talking about a
Secure Reverse Proxy.  I don't know of any implementation of a Secure
Forward Proxy.
 
> > I agree that SSH cannot be proxied, but the big reason for it,
> 
> You can proxy SSH in exactly the same way. Not with on-board methods,
> but in theory it's possible.

Agreed.

Earlier in this thread someone pointed to "nocat" as a solution.  If
you haven't looked into that yet, I suggest you do so.  I believe
nocat can solve your problem.

jc

-- 
Jeff Coppock		Systems Engineer
Diggin' Debian		Admin and User
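
The SSL offload arrangement described in the message above, as an added example that is not part of the original post: an nginx reverse proxy that handles server and client authentication and forwards clear-text HTTP to a web server on a protected network. The host name, file paths, backend address and the X-Client-* header names are placeholders chosen for illustration.

```nginx
# Added example: TLS offload with client-certificate authentication.
# All names, paths and addresses below are placeholders.
server {
    listen 443 ssl;
    server_name www.example.org;

    # Server authentication: the certificate presented to clients.
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Client authentication: requests are rejected unless the client
    # presents a certificate that chains to this CA.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    location / {
        # Set the identity headers from the verified TLS session, replacing
        # any values the client sent under the same (hypothetical) names.
        proxy_set_header X-Client-Verify   $ssl_client_verify;
        proxy_set_header X-Client-DN       $ssl_client_s_dn;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host              $host;

        # Clear-text HTTP to the web server on the protected network.
        proxy_pass http://10.0.0.10:8080;
    }
}
```

Because the web server treats all HTTP traffic reaching it as trusted, it should accept connections only from the offloader's address.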


