From owner-freebsd-security Tue Oct 17 9:50:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 480BB37B4D7 for ; Tue, 17 Oct 2000 09:50:10 -0700 (PDT) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id MAA59257; Tue, 17 Oct 2000 12:50:49 -0400 (EDT) (envelope-from rjh@mohawk.net) Date: Tue, 17 Oct 2000 12:50:49 -0400 (EDT) From: Ralph Huntington To: Rolf Edwards Cc: Adam Laurie , freebsd-security@FreeBSD.ORG Subject: Re: Multiple Web/SSL behind firewall In-Reply-To: <5.0.0.25.2.20001017101924.00ab9808@127.0.0.1> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > >redirect_port tcp a.b.c.d:80 e.f.g.h:80 > > > >redirect_port tcp a.b.c.d:443 e.f.g.h:443 > > > > > > The problem is that there are multiple web servers so that will not work, > > > >You could have multiple IP aliases on your outside net. Alternatively, > >a single back end server that then does the > >round-robin/load-balanced/whatever forwarding. (http://www.backhand.org/) > > Reviewing the backhand site, it looks as though it isn't a great fit. You could still run a single back-end server that distributes the hits. You could use mod_rewrite for that. It could handle port 80 and 443 also, redirecting (rewriting) as you please based on the URL requested. This could be name based as well if you run bind for it all inside. -=r=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message