From owner-freebsd-stable@FreeBSD.ORG  Mon Jun 14 11:18:51 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C2E6416A4CE
	for <freebsd-stable@freebsd.org>;
	Mon, 14 Jun 2004 11:18:51 +0000 (GMT)
Received: from web14106.mail.yahoo.com (web14106.mail.yahoo.com
	[216.136.172.136])
	by mx1.FreeBSD.org (Postfix) with SMTP id 6AF2143D46
	for <freebsd-stable@freebsd.org>;
	Mon, 14 Jun 2004 11:18:51 +0000 (GMT)
	(envelope-from cguttesen@yahoo.dk)
Message-ID: <20040614111822.1564.qmail@web14106.mail.yahoo.com>
Received: from [194.248.174.58] by web14106.mail.yahoo.com via HTTP;
	Mon, 14 Jun 2004 13:18:22 CEST
Date: Mon, 14 Jun 2004 13:18:22 +0200 (CEST)
From: =?iso-8859-1?q?Claus=20Guttesen?= <cguttesen@yahoo.dk>
To: Haim Ashkenazi <haim@babysnakes.org>, freebsd-stable@freebsd.org
In-Reply-To: <pan.2004.06.14.09.41.50.727310@babysnakes.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: need suggestions for reverse proxy
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2004 11:18:51 -0000

> I'm looking for a reverse proxy for https to protect
> an IIS server. at the
> moment I'm using "pound" but then the IIS doesn't
> recognize where the
> original request came from so I can't do things like
> allow,deny from a
> certain IP or use awstats. It should be able to deal
> with sessions and
> load balancing (although at the moment I only have

You may try squid, although I doubt that squid works
with https in your setup. Squid needs to know the
private keys in order to decrypt the session-info so
it can be session-aware. One way to deal with this is
to let squid decrypt and pass it on to IIS as
cleartext. Squid is capable of removing unwanted
URL's.

But statefull loadbalancing may not be squids
strength.

We are using LVS (Linux Virtual Server). Although I
would have preferred a BSD-solution, nothing beats LVS
in terms of scalability. Had an old 486 with 64 MB
RAM, which could handle more than 10.000 unique
visitors a day.

Claus

Yahoo! Mail (http://dk.mail.yahoo.com) - Gratis: 6 MB lagerplads, spamfilter og virusscan