[Oisf-users] Suricata and Nginx

Cooper F. Nelson cnelson at ucsd.edu
Fri May 8 23:33:10 UTC 2015


Suricata cannot decrypt SSL traffic.

I assume you are going to configure Nginx on your external interface and
have your HTTP daemon listen on the loopback interface. You can tell
Suricata at runtime to monitor both interfaces, so it should see both
the encrypted and unencrypted traffic.

This will allow you to see issues with the SSL transport, as well as the
decrypted traffic. Take care to set your environment variables
correctly, as you will want the loopback IP to be your $HOME_NET and the
Nginx to be considered an external IP, as it's proxying the source of the
HTTP requests.

-Coop

On 5/8/2015 4:00 PM, Jeripotula, Shashiraj wrote:
> Hi,
>
> We are planning to use Nginx for SSL Termination on our front end servers.
>
> We also need to install Suricata on the Front End Servers, so that we
> can inspect the packets.
>
> My question is, do I need the packets to go through Suricata first, before
> SSL Termination, or after SSL Termination using Nginx?
>
> Also, does Suricata read the SSL packets? Is there a separate
> configuration to look at SSL Traffic?
>
> Please advise.
>
> Thanks
>
> Raj


--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
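Added example, not part of the original message: a simplified model of how a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` evaluates when $HOME_NET is the loopback IP, as the reply above describes. All addresses and flows are constructed, and the distinct loopback source address for Nginx (127.0.0.2) is an assumption, not something stated in the thread.

```python
import ipaddress

# Assumption: the backend HTTP daemon listens on 127.0.0.1, so that single
# address is HOME_NET. EXTERNAL_NET is modelled as "!$HOME_NET".
HOME_NET = [ipaddress.ip_network("127.0.0.1/32")]


def in_home_net(addr):
    """True if addr falls inside any HOME_NET network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOME_NET)


def inbound_header_matches(src, dst):
    """Simplified model of the header `$EXTERNAL_NET any -> $HOME_NET any`:
    the source must be outside HOME_NET and the destination inside it."""
    return (not in_home_net(src)) and in_home_net(dst)


# Constructed sample flows: (interface, source, destination, description).
# Documentation-range addresses stand in for a client and the public IP.
FLOWS = [
    ("eth0", "198.51.100.7", "203.0.113.10", "client -> Nginx (TLS)"),
    ("lo", "127.0.0.1", "127.0.0.1", "Nginx -> backend, same loopback IP"),
    ("lo", "127.0.0.2", "127.0.0.1", "Nginx -> backend, distinct source IP"),
]


def report(flows=FLOWS):
    """Map each flow description to whether the inbound header matches it."""
    return {desc: inbound_header_matches(src, dst)
            for _iface, src, dst, desc in flows}


if __name__ == "__main__":
    for desc, hit in report().items():
        print(f"{desc:40} {'matches' if hit else 'no match'}")
```

Only the flow whose source lies outside $HOME_NET and whose destination lies inside it matches, which is why the variable assignment decides which of the two monitored interfaces such rules actually cover.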


