Decrypt Web Server SSL with Squid3 Reverse Proxy for Snort inspection



  • What I'm trying to make happen is to use Squid3 Reverse Proxy to decrypt incoming SSL traffic to a web server so that I can inspect with Snort.
    Is that possible?

    If so, I can provide what I've configured so far and maybe someone can help me figure out what I'm missing?

    If Squid3 and Snort cannot be used in this way, can someone recommend to me what I should be using?

    Thanks very much.



  • Would I be better off using Proxy Server with Mod_Security?



  • @xbaldx:

    Would I be better off using Proxy Server with Mod_Security?

    Yes, as modsecurity will do a better job than snort in http inspection.

    Current modsecurity package is quite old and missing some features. I'm working on a new package version, but I'm not having much free time to finish it.



  • OK thanks for the reply.  I'll keep an eye out for the package.

