[Snort-users] monitoring https / SSL

Jason Haar Jason.Haar at ...294...
Thu May 2 13:40:51 EDT 2002

On Thu, May 02, 2002 at 12:51:02PM -0400, Slade Edmonds wrote:
> Could anyone direct me to information regarding snorting SSL traffic?  Is it
> just a matter of taking the rules files designed for monitoring standard
> http port 80 and adding an ssl port to it?

Reverse proxies are your friends...

The world talks to your SSL servers, which in reality are reverse proxies and
they talk standard HTTP back to the real backend servers. Snort sits in
between, and can monitor the HTTP traffic.

Works well :-)


Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
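
One way to lay out the setup described in the reply above, shown as an added example that is not part of the original post. It assumes Apache httpd with mod_ssl and mod_proxy as the reverse proxy; the hostname, addresses, interface name and file paths are constructed placeholders.

```apache
# Constructed example: hostname, addresses and certificate paths are placeholders.

# Public side: the reverse proxy terminates SSL on port 443.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # Reverse proxy only; do not serve as an open forward proxy.
    ProxyRequests Off

    # Backend side: plain HTTP to the real web server on an internal segment.
    # The Snort sensor listens on this segment (tap or span port), so it sees
    # the decrypted requests and responses.
    ProxyPass        / http://192.0.2.10:80/
    ProxyPassReverse / http://192.0.2.10:80/

    # Pass the original Host header through so backend logs and Snort
    # alerts show the site name the client asked for.
    ProxyPreserveHost On
</VirtualHost>

# Sensor side, shown as comments to keep this a single block.
# In snort.conf, point the web-server variable at the backend, not the proxy:
#   var HTTP_SERVERS 192.0.2.10/32
# Run Snort on the interface attached to the proxy-to-backend segment
# (eth1 is an assumed interface name):
#   snort -i eth1 -c /etc/snort/snort.conf
# Because the backend listens on port 80, the standard HTTP rules apply
# without adding an SSL port to them.
```

On this segment every request has the proxy's address as its source IP, so alerts have to be correlated with the proxy's access log or the `X-Forwarded-For` header that mod_proxy adds. The proxy-to-backend link carries plaintext, so it belongs on a dedicated, trusted network segment.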
