Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    HAProxy Transparent ClientIP security question

    Cache/Proxy
    1
    1
    373
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lido14 last edited by

      Greetings All,

      I have been working with HAProxy for some time now and think it's a wonderful package.  We have recently encountered a scenario where running HAProxy with SSL offloading in transparent mode is a great solution for us.

      When not running in transparent mode, HAProxy runs as a non root user.  My concern is in transparent mode, HAProxy runs a root.  In this case, is it simply a matter of a bad enough exploit in HAProxy (or OpenSSL) and our pfSense box gets owned, or are there any mitigating circumstances that perhaps lessen the magnitude of such an event?

      I did a ps -aux from the pfSense console and notice just about all processes are running as root.  I know many of these don't process external input, but some do.  So I'm trying to properly put running HAProxy as root into perspective.

      Thank you!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post