Reverse Proxy / Layer 7 Security



  • I have been trying to find a good way with 2.3.2 to implement a reverse proxy with a good layer 7 security setup. We host many SSL web sites for many clients with a lot of different domains. So, I would like a typical SSL offloading config which then proxies to HTTP to the backend web servers.

    I know many packages can do this aspect and I can run SNORT on the firewall for the IDS before the proxy.

    What I can't seem to find is the mod_security style layer 7 security capabilities; at least not in 2.3.2. I think this has to do with nginx being the default web server now and mod_security isn't rock solid on this yet.

    So, what are our options now for implementing a good reverse proxy system with tough l7 security support?

    I really want to do this on pfSense instead of having to forward all web requests to another server behind it, like an Ubuntu 16 system running apache+mod_security; seems like a silly double proxy mess to me…

    Thanks for any info on how to do the above using pfsense on 2.3+



  • Does anyone have a guide or tips on how to install mod_security on pfSense 2.3? The module is gone now and I suspect it is due to the change to nginx; there are builds of mod_security now for nginx, so I am wondering if anyone has tried using it for a reverse security proxy in the latest pfSense?

    Thanks

