4. HAProxy Transparent ClientIP security question

HAProxy Transparent ClientIP security question

  • L

    Greetings All,

    I have been working with HAProxy for some time now and think it's a wonderful package.  We have recently encountered a scenario where running HAProxy with SSL offloading in transparent mode is a great solution for us.

    When not running in transparent mode, HAProxy runs as a non root user.  My concern is in transparent mode, HAProxy runs a root.  In this case, is it simply a matter of a bad enough exploit in HAProxy (or OpenSSL) and our pfSense box gets owned, or are there any mitigating circumstances that perhaps lessen the magnitude of such an event?

    I did a ps -aux from the pfSense console and notice just about all processes are running as root.  I know many of these don't process external input, but some do.  So I'm trying to properly put running HAProxy as root into perspective.

    Thank you!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy