Date: Tue, 17 Oct 2000 11:46:05 -0500 (CDT) From: James Wyatt <jwyatt@rwsystems.net> To: Rolf Edwards <redwards@meccamediagroup.com> Cc: Adam Laurie <adam@algroup.co.uk>, freebsd-security@FreeBSD.ORG Subject: Re: Multiple Web/SSL behind firewall Message-ID: <Pine.BSF.4.10.10010171144000.762-100000@bsdie.rwsystems.net> In-Reply-To: <5.0.0.25.2.20001017101924.00ab9808@127.0.0.1>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 17 Oct 2000, Rolf Edwards wrote: > At 08:29 AM 10/17/2000, Adam Laurie wrote: > >Rolf Edwards wrote: [ ... ] > > > The problem is that there are multiple web servers so that will not work, > > > as it assumes that there is only one. > >You could have multiple IP aliases on your outside net. Alternatively, > >if you want them to come in on a single address, you could point them at > >a single back end server that then does the > >round-robin/load-balanced/whatever forwarding. mod_backhand is quite > >cool for this kind of stuff. (http://www.backhand.org/) > Reviewing the backhand site, it looks as though it isn't a great fit. Do > you think I can redirect the SSL port to the web port and use squid to > redirect? I think squid will do the web requestes ok, but can SSL be > redirected like that? or will the IP changes cause conflicts? IIUC, this will invalidate the IP addresses you get on the web servers as they will be coming from squid. IP restrictions to parts of the site will have to be done via squid ACLs, rather than .htaccess or server configs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10010171144000.762-100000>