How about configuring the firewall to block everything and then then create a rule that forwards/allows only port 80 and 443 to the reverse proxy server. Configure the reverse proxy server to only support HTTP traffic (on port 80 and using SSL on 443). Then you don't need to do DPI. I'd say you don't actually need to filter the traffic to the reverse proxy server if you pick one that that can be configured to only support HTTP traffic.
Walter On Sat, Apr 12, 2014 at 4:39 AM, Oğuz Yarımtepe <oguzyarimt...@gmail.com>wrote: > I am trying to design a reverse proxy structure that will direct traffic > to some web servers behind. At the entry point, i want to allow just HTTP > or HTTPs traffic. I want to do this by using DPI. I couldn't figured out > how to do it via PfSense. L7 filtering only lets blocking, firewall rules > depends ports. I need to define L7 filtering rule that will only allow > HTTP traffic but for the traffic coming to WAN interface. > > How can i do it? > > Thank you. > > -- > Oğuz Yarımtepe > http://about.me/oguzy > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
