This functionality is required for PCI-DSS compliance in any scenario
where pound and the backend do NOT reside on the same server (i.e. the
traffic is not allowed to hit the wire unencrypted).
/Eirik
Sent from my iPhone
On 10. juli 2009, at 23.32, Heiko Schlittermann <[email protected]>
wrote:
Hello,
now I'm answering myself.
Heiko Schlittermann <[email protected]> (Do 09 Jul 2009 22:00:19
CEST):
Hello,
here is the conversation with Robert I had so far about using
pound as an HTTPS / HTTPS proxy. He asked me for the reason(s)
wanting
this MITM approach.
...
and probably Apaches mod_proxy could be used. Both solutions are not
checked yet, since I like the lean approach of Pound, compared with
these two "fat" applications.
(The current setup we're testing uses an stunnel connection to the
backend...)
Just for the records:
client -- { internet } --- [ pound | stunnel ] ------- [ backend ]
https://<domain>/path https://<domain>/
path
works for me. But I'd like to see the stunnel integrated in pound (for
admin purposes).
Heiko
--
SCHLITTERMANN.de ---------------------------- internet & unix
support -
Heiko Schlittermann HS12-RIPE
-----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B
---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0
359B -
--
To unsubscribe send an email with subject unsubscribe to [email protected]
.
Please contact [email protected] for questions.
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
