martin f krafft, 2003-Jan-13 11:23 +0100: > also sprach Jeff <[EMAIL PROTECTED]> [2003.01.12.1953 +0100]: > > Thinking about it, what I described above really isn't a proxy but > > rather an offload of the SSL part of HTTPS. However, the clear text > > HTTP on the backend could then be proxied. I've not seen this done > > though. > > I know this is possible. But you are giving up one big feature of SSL: > The authenticity check of the peer. In any case, this is only really > applicable to reverse proxying. I want a forward proxy, if at all.
If by peer you mean client authentication, that would also be done by the SSL offload server. The SSL offloader handles all the server and client authentication process and the encryption processes. The webserver, being on a protected network, assumes that all http traffic reaching it is trusted. However, as you state, I'm talking about a Secure Reverse Proxy. I don't know of any implimentation of a Secure Forward Proxy. > > I agree that SSH cannot be proxied, but the big reason for it, > > You can proxy SSH in exactly the same way. Not with on-board methods, > but in theory it's possible. Agreed. Earlier in this thread someone pointed to "nocat" as a solution. If you haven't looked into that yet, I suggest you do so. I believe nocat can solve your problem. jc -- Jeff Coppock Systems Engineer Diggin' Debian Admin and User -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
