4. HAProxy Transparent ClientIP security question

HAProxy Transparent ClientIP security question

  • L

    Greetings All,

    I have been working with HAProxy for some time now and think it's a wonderful package.  We have recently encountered a scenario where running HAProxy with SSL offloading in transparent mode is a great solution for us.

    When not running in transparent mode, HAProxy runs as a non root user.  My concern is in transparent mode, HAProxy runs a root.  In this case, is it simply a matter of a bad enough exploit in HAProxy (or OpenSSL) and our pfSense box gets owned, or are there any mitigating circumstances that perhaps lessen the magnitude of such an event?

    I did a ps -aux from the pfSense console and notice just about all processes are running as root.  I know many of these don't process external input, but some do.  So I'm trying to properly put running HAProxy as root into perspective.

    Thank you!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy