[112724] in North American Network Operators' Group
Re: Anyone using any Linux SSL proxies?
daemon@ATHENA.MIT.EDU (Michael K. Smith)
Sun Mar 15 14:04:51 2009
Date: Sun, 15 Mar 2009 11:04:38 -0700
From: "Michael K. Smith" <mksmith@adhost.com>
To: Mike Lyon <mike.lyon@gmail.com>,
Nanog <nanog@merit.edu>
In-Reply-To: <1b5c1c150903142156w1f159cdah383c2c8a9c306942@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
Hello Mike:
On 3/14/09 9:56 PM, "Mike Lyon" <mike.lyon@gmail.com> wrote:
> Howdy,
>
> I am wondering what folks are recommending/using these days for Linux SSL
> proxies? I need to build a linux box that basically acts as an SSL offloader
> would (like a BigIP / Cisco ACE / Netscaler would do). Listen on port 443,
> decrypt the SSL and then forward the request onto the webserver on port 80.
> DSR is not required.
>
> Any suggestions?
>
> Offlist replies would probably be more appropriate.
>
> Thank You in advance.
>
> Cheers,
> Mike
We use Apache with mod_security and mod_proxy to do this, although the
application is more as an application layer firewall than an SSL offloader.
It works well for lower traffic applications; I haven't tested it under the
loads that are advertised by the hardware vendors you mentioned.
Regards,
Mike
