Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Web Application Firewall in OPNsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Web Application Firewall in OPNsense (Read 4168 times)
ddywz
Newbie
Posts: 14
Karma: 0
Web Application Firewall in OPNsense
«
on:
February 08, 2021, 04:32:58 am »
Hello, this is my first post here as I decided to try out OPNsense and setup a new hardware Qotom-Q575G6-S05 with
OPNsense 21.1-amd64
FreeBSD 12.1-RELEASE-p12-HBSD
OpenSSL 1.1.1i 8 Dec 2020
Hardware is Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (4 cores) and 16GB RAM
The basic installation went fine and main rules are in place. All is working fine so far. Today is my 3 day of running it.
I was using before sophos UTM and thought to try OPNsense and while I'm doing so I have the following question?
I have about 4 websevers that need to have external access from internet via HTTPS. In sophos I was using WAF feature (Web Application Firewall) where I would create a "Real" webserver (you basically tell define the real http or https path of the internal server) and link it with an external one created in the sophos UTM where I would upload the certificate and so the mapping is done via SNI and no ports were opened in the firewall to allow https traffic. This also helped with the fact that I can use the same 443 port for all servers connections coming from the single WAN address.
How would I accomplish this in OPNsense? can this be done in the webproxy section? I also saw a plugin called
"Nginx HTTP server and reverse proxy" would this help for the issue I'm having?
Thanks in advance.
Logged
Matriciel
Newbie
Posts: 37
Karma: 1
Re: Web Application Firewall in OPNsense
«
Reply #1 on:
February 08, 2021, 06:33:49 am »
Hello,
You need to use Haproxy.
It is a plugin for that
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: Web Application Firewall in OPNsense
«
Reply #2 on:
February 08, 2021, 11:13:08 am »
nginx and haproxy will be able to do that.
There is even an acme-client-plugin which will take care of your TLS encryption by installing and renewing Let's Encrypt certs
Logged
„The S in IoT stands for Security!“
ddywz
Newbie
Posts: 14
Karma: 0
Re: Web Application Firewall in OPNsense
«
Reply #3 on:
February 09, 2021, 04:36:41 am »
Thank you guys. Found it. installed the plugin and trying to configure it. I actually have three certificates that I have purchased and are valid till end of 2022 so I was going to import them in the "trust" menu. Is there a rule on how to import them? There are only two fields
1.X509 PEM cert
2. private key.
I have
1. .crt file
2. ca-bundle file
3. privkey.pem file
Should I combine .crt and ca-bundle into one pem file and enter it in the cert field? Is there a particular order for this? I could not find any details on the doc for this.
Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Web Application Firewall in OPNsense