Great Circle Associates Firewalls
(September 1996)
 


Subject: options for proxying SSL traffic?
From: <junya @ fsdirect . com>
Date: Thu, 5 Sep 1996 12:08:51 -0400 (EDT)
To: ssl-talk @ netscape . com, firewalls @ greatcircle . com

If a network connected to the internet was using a proxy firewall (say,
Gauntlet or fwtk), and had a web server behind the firewall which had
SSL enabled, what options does the firewall administrator have to ensure
that people outside can access the web server inside w/SSL?

Someone at TIS said all that needed to be done was to use plug-gw (a
generic proxy which just passes bytes) so that the firewall passes
traffic. However, given that internal web browsers require a specific SSL
proxy service to access SSL enabled web servers on the outside, I don't
feel quite convinced. (Won't browsers care that the host they're
connecting to is different from what the passed certificate information
says?)

If it's the case that an SSL proxy service is needed for incoming requests,
it would seem like the rules would have to be fairly stringent so that
someone would not take advantage of it to probe the internal network -
like having an HTTP proxy for incoming requests.

Can someone explain, before I actually try it out?


Junya Ho
FSDirect
v: 416 368 3920 x5411
f: 416 368 5505



