> > So... what are you trying to say?
> > This slightly improved security is not worth the setup hassle?
> >
> > So why do YOU run it this way? ;)
>
> First of all, it isn't necessary to use the SSL_EXPERIMENTAL code to get
> this to work.
I was told so... so you say mod_ssl-2.8.0-1.3.17 should be able to do this?
Even without the EXPERIMENTAL code?
> Secondly, we do things this way because of our network topology. We have a
> few real IP addresses, and our own internal addressing system. So this
So do we have :)
[snip]
> I would say that this is a lot more than "slightly" improved security, and
> yes, it is definitely worth the hassle. IMHO this is probably one of the
> better options.
That's exactly what I think! Your last post sounded a little like
you are using this sollution but now doubt it was worth the hassle.
Sorry if I got this wrong! :)
> No-one can guarantee absolute security other than disconnecting completely
> from the Internet, because someone somewhere could potentially find a way
> into one of your systems.
Exactly, that's the point! We only can make it as hard as possible.
Would be great if you could share your experiences on
this mod_proxy+mod_ssl sollution with us.
--
Torsten
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
