Internet>Varnish>ModSecurity Reverse Proxy>HAProxy+stud>Portforward2webservers
-
Is 'Reverse Proxy' is what is represented by ModSecurity in pfSense2.1? Sounds like a stupid question, but I am confused with the GUI of pfSense 2.1 (still a novice).
I am trying to achieve with a port forward in 2.1 as stated in this thread (http://forum.pfsense.org/index.php/topic,63717.msg344681.html#msg344681)
I have Webserver in a different machine running behind pfSense 2.1. I would like to use Varnish3 in front of the Webserver for static contents. Now, I could not figure out how ModSecurity fits into this scenario?
Appreciate any inputs. Thanks!
-
39 views and no replies. Yet I am thinking this way in pfSense 2.1:
Internet >> Varnish3 >> ModSecurity_Apache Reverse Proxy >> HAPROXY+stud >> Portfwarded to >> webservers behind pfSense 2.1
In above, all the connections to port 80 from the Internet would first be handled by Varnish3 and delivers immediately if it is in cache, else passes to ModSecurity Apache Reverse Proxy or all connection to port 443 would be directly handled by ModSecurity Apache Reverse Proxy which shall together with the connedtins to 80 be forwarded to HAPROXY-dev for loadbalancing which will finally be sent to the webservers behind firewall. Is this an ideal setup?
Now how it fares with SNI? I know of stud supports SNI, How does ModSecurity Apache Reverse Proxy handles SNI?
Can anyone guide me how to achieve this in gui (confusing to a command line guy)? And how to install an extra pacakge like stud and confugure without a gui interface to pacakge? Quite confused. hmmm…
Thanks in advance!