Inspect HTTPS traffic with IDS/IPS?




Posted by flyingmonkey, 08-03-2007, 02:39 PM
Is it possible to perform IDS/IPS on traffic that is SSL encrypted? I am setting up a secure Apache reverse proxy with a Cisco ASA and Citrix Netscalers in front of the reverse proxy. Here's a "diagram" of my environment:

Client --SSL--> Firewall --> Load Balancer --> Reverse Proxy (https://www.domain.com) --SSL--> Portal Server (https://www.internal.com)

I am trying to find a way to add additional security before traffic reaches the Portal Server. Also, is it possible to add mod_security to the reverse proxy, since the traffic to the backend server is encrypted? Any suggestions are appreciated.

Thanks,
-FlyingMonkey

Posted by Babushka99, 08-03-2007, 03:47 PM
Once traffic comes out of the tunnel - sure. Otherwise, L4/7 inspection would not yield anything if the maliciousness lies in the payload. A HIDS should, however, be able to detect it. The IPS will just be able to work on everything but the payload due to encryption.

Posted by flyingmonkey, 08-03-2007, 04:17 PM
Thanks, do you know if I would be able to inspect the payload at the reverse proxy before requests are sent to the portal server, since that link is encrypted? The reverse proxy is an SSL termination point which then reopens a new SSL session to the backend portal. Sorry, I am a newb to all of this.
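
Added example, not part of any post in this thread: an Apache virtual host for the topology described above, where client TLS terminates on the reverse proxy, ModSecurity 2.x inspects the decrypted request, and mod_proxy then opens a new TLS session to the portal. The two hostnames are from the thread; the file paths, the rule id and the sample rule are placeholders constructed for illustration.

```apache
# Added example. Requires mod_ssl, mod_proxy, mod_proxy_http and mod_security2.
# Hostnames are from the thread; all file paths below are placeholders.
<VirtualHost *:443>
    ServerName www.domain.com

    # Client-side TLS ends here. From this point on Apache handles
    # cleartext HTTP, so request headers and bodies can be inspected.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/tls/www.domain.com.crt
    SSLCertificateKeyFile /etc/apache2/tls/www.domain.com.key

    # ModSecurity runs on the decrypted request before it is proxied.
    # Deliberately not wrapped in <IfModule>: if the module is missing,
    # Apache refuses to start instead of silently skipping inspection.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Constructed sample rule (id is a placeholder). In practice a
    # maintained rule set would be loaded here instead.
    SecRule ARGS "@contains <script" \
        "id:100001,phase:2,deny,status:403,log,msg:'Sample rule: script tag in request parameter'"

    # Second TLS session, proxy to portal. Verify the backend certificate
    # so the re-encrypted hop is authenticated as well as encrypted.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/tls/internal-ca.pem
    # Available in Apache 2.4.5 and later.
    SSLProxyCheckPeerName on

    ProxyPass        / https://www.internal.com/
    ProxyPassReverse / https://www.internal.com/
</VirtualHost>
```

A network IDS/IPS placed on the link between the reverse proxy and the portal server would still see only ciphertext, because that hop is re-encrypted; in this layout the cleartext exists only inside the proxy process.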