Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Decrypt Web Server SSL with Squid3 Reverse Proxy for Snort inspection

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xbaldx
      last edited by

      What I'm trying to make happen is to use Squid3 Reverse Proxy to decrypt incoming SSL traffic to a web server so that I can inspect with Snort.
      Is that possible?

      If so, I can provide what I've configured so far and maybe someone can help me figure out what I'm missing?

      If Squid3 and Snort cannot be used in this way, can someone recommend to me what I should be using?

      Thanks very much.

      1 Reply Last reply Reply Quote 0
      • X
        xbaldx
        last edited by

        Would I be better off using Proxy Server with Mod_Security?

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          @xbaldx:

          Would I be better off using Proxy Server with Mod_Security?

          Yes, as modsecurity will do a better job then snort in http inspection.

          Current modsecurity package is quite old and missing some features. I'm working on a new package version, but I'm not having much free time to finish it.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • X
            xbaldx
            last edited by

            OK thanks for the reply.  I'll keep an eye out for the package.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.