From owner-freebsd-stable@FreeBSD.ORG  Tue Jun 15 12:05:27 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BBCD416A4CE
	for <freebsd-stable@freebsd.org>;
	Tue, 15 Jun 2004 12:05:27 +0000 (GMT)
Received: from main.gmane.org (main.gmane.org [80.91.224.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 53EF643D2D
	for <freebsd-stable@freebsd.org>;
	Tue, 15 Jun 2004 12:05:21 +0000 (GMT)
	(envelope-from freebsd-stable@m.gmane.org)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 1BaCgZ-0002wj-00
	for <freebsd-stable@freebsd.org>; Tue, 15 Jun 2004 14:05:03 +0200
Received: from ns-ilmail3.ns-systems.com ([62.90.139.134])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <freebsd-stable@freebsd.org>; Tue, 15 Jun 2004 14:05:03 +0200
Received: from haim by ns-ilmail3.ns-systems.com with local (Gmexim 0.1
	(Debian))        id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Tue, 15 Jun 2004 14:05:03 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-stable@freebsd.org
From: Haim Ashkenazi <haim@babysnakes.org>
Date: Tue, 15 Jun 2004 15:04:59 +0300
Lines: 36
Message-ID: <pan.2004.06.15.12.04.55.166312@babysnakes.org>
References: <pan.2004.06.14.09.41.50.727310@babysnakes.org>
	<20040614111822.1564.qmail@web14106.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: ns-ilmail3.ns-systems.com
User-Agent: Pan/0.14.2.91 (As She Crawled Across the Table (Debian GNU/Linux))
Sender: news <news@sea.gmane.org>
Subject: Re: need suggestions for reverse proxy
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2004 12:05:27 -0000

On Mon, 14 Jun 2004 13:18:22 +0200, Claus Guttesen wrote:

>> I'm looking for a reverse proxy for https to protect
>> an IIS server. at the
>> moment I'm using "pound" but then the IIS doesn't
>> recognize where the
>> original request came from so I can't do things like
>> allow,deny from a
>> certain IP or use awstats. It should be able to deal
>> with sessions and
>> load balancing (although at the moment I only have
> 
> You may try squid, although I doubt that squid works
> with https in your setup. Squid needs to know the
> private keys in order to decrypt the session-info so
> it can be session-aware. One way to deal with this is
> to let squid decrypt and pass it on to IIS as
> cleartext. Squid is capable of removing unwanted
> URL's.
> 
> But statefull loadbalancing may not be squids
> strength.
well, I'll test it and see how it works...

> 
> We are using LVS (Linux Virtual Server). Although I
> would have preferred a BSD-solution, nothing beats LVS
> in terms of scalability. Had an old 486 with 64 MB
> RAM, which could handle more than 10.000 unique
> visitors a day.
how would it help me? the web server has to sit on IIS.

thanx
-- 
Haim