Suricata and HAProxy

Started by Syon, March 12, 2023, 12:41:21 PM

I'm running HAProxy with a wildcard Let's Encrypt certificate. From OPNsense to the server, the traffic is also encrypted with Let's Encrypt certificates. Is Suricata able to inspect this traffic? It is listening on the internal interface, but there should only be encrypted traffic there?

Suricata can't decrypt TLS traffic by itself. If you want it to scan it, you need to terminate the TLS connection at HAProxy and send the traffic unencrypted to the internal server.
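As an added illustration of the answer above (a hand-written haproxy.cfg, not the config the OPNsense HAProxy plugin generates, and not from the original thread), here is the setup with TLS terminated at HAProxy and a plain-HTTP hop to the internal server, next to the re-encrypted variant the question describes. The certificate path, backend address and CA file are placeholders.

```haproxy
global
    log /dev/log local0

defaults
    mode    http
    log     global
    option  httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # TLS is terminated here with the wildcard Let's Encrypt certificate.
    # The PEM must contain the full chain followed by the private key (placeholder path).
    bind :443 ssl crt /usr/local/etc/haproxy/wildcard.example.pem alpn h2,http/1.1
    http-request set-header X-Forwarded-Proto https
    default_backend app_servers

backend app_servers
    # Plain HTTP to the internal server (placeholder address): Suricata listening on the
    # internal interface now sees the decrypted requests, so http.* rules can match.
    # Trade-off: this hop is cleartext on the internal segment, so keep it on a network
    # where that is acceptable.
    server app1 10.0.10.20:8080 check

# Variant from the question: HAProxy re-encrypts towards the backend.
# Suricata on the internal interface then only sees TLS metadata (SNI, certificate,
# JA3), not the HTTP payload, because it cannot decrypt the connection.
#backend app_servers_tls
#    server app1 10.0.10.20:443 ssl verify required ca-file /etc/ssl/cert.pem check
```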

Yes, I thought that decrypting and re-encrypting on OPNsense would do the trick... But for that it would have to inspect an interface X between the processes...