[Oisf-users] Suricata and Nginx

Duarte Silva duarte.silva at serializing.me
Sat May 9 14:19:31 UTC 2015


Hello,

I'm currently using Suricata in the same host as Nginx after the SSL
termination. I was actually planning on doing a blog post about it :D But
in a nutshell, I use nftables to get the traffic that is proxy passed back
to another nginx instance (running on the same server). Any attack will be
dropped and the connection from the ssl terminator nginx to the "backend"
will timeout.

Cheers,
Duarte
On 9 May 2015 00:00, "Jeripotula, Shashiraj" <
shashiraj.jeripotula at verizon.com> wrote:

> Hi,
>
>
>
> We are planning to use Nginx for SSL Termination on our front end servers.
>
>
>
> We also need to install Suricata on the Front End Servers, so that, we can
> inspect the packets.
>
>
>
> My question is, do I need the packets go through Suricata first before SSL
> Termination or after SSL Termination using Nginx.
>
>
>
> Also, does Suricata read the SSL packets, is there a separate
> configuration to look at SSL Traffic.
>
>
>
> Please advise.
>
>
>
> Thanks
>
>
> Raj
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150509/1a4bc3a6/attachment-0002.html>


More information about the Oisf-users mailing list