The problem with this setup is, what will happen if the website is using some CSS, JS files from other domains? Adding a rule for each of these domains will be painful after a while, I assume. But on the other hand, I will be using this reverse proxy node as the first entry point to my DDoS protection network, so I am not sure whether DPI is a good thing here or not.

On Sat, Apr 12, 2014 at 11:40 PM, Walter Parker <[email protected]> wrote:
> How about configuring the firewall to block everything and then
> create a rule that forwards/allows only port 80 and 443 to the reverse
> proxy server. Configure the reverse proxy server to only support HTTP
> traffic (on port 80 and using SSL on 443). Then you don't need to do DPI.
> I'd say you don't actually need to filter the traffic to the reverse proxy
> server if you pick one that can be configured to only support HTTP
> traffic.
