How about configuring the firewall to block everything and then create
a rule that forwards/allows only port 80 and 443 to the reverse proxy
server. Configure the reverse proxy server to only support HTTP traffic (on
port 80 and using SSL on 443). Then you don't need to do DPI. I'd say you
don't actually need to filter the traffic to the reverse proxy server if
you pick one that can be configured to only support HTTP traffic.


Walter


On Sat, Apr 12, 2014 at 4:39 AM, Oğuz Yarımtepe <oguzyarimt...@gmail.com> wrote:

> I am trying to design a reverse proxy structure that will direct traffic
> to some web servers behind. At the entry point, I want to allow just HTTP
> or HTTPS traffic. I want to do this by using DPI. I couldn't figure out
> how to do it via pfSense. L7 filtering only allows blocking, firewall rules
> depend on ports. I need to define an L7 filtering rule that will only allow
> HTTP traffic but for the traffic coming to WAN interface.
>
> How can I do it?
>
> Thank you.
>
> --
> Oğuz Yarımtepe
> http://about.me/oguzy
>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
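
The reasoning in the reply above, as an added example that is not part of the original thread or of pfSense: once the firewall passes only ports 80 and 443, a listener that speaks only HTTP (or TLS on 443) rejects other protocols on its own. The function names, the simplified checks standing in for a real proxy's parser, and the sample payloads are all constructed assumptions.

```python
import re

# Standard HTTP/1.x methods; a real proxy's accepted list is configurable.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                "OPTIONS", "PATCH", "CONNECT", "TRACE"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def accepts_http(first_bytes: bytes) -> bool:
    """Port 80: accept only a syntactically valid HTTP/1.x request line."""
    line, sep, _ = first_bytes.partition(b"\r\n")
    if not sep:                      # no complete request line received
        return False
    m = REQUEST_LINE.match(line)
    return bool(m) and m.group(1).decode() in HTTP_METHODS

def accepts_tls(first_bytes: bytes) -> bool:
    """Port 443: accept only a TLS handshake record carrying a ClientHello.

    Record layout: type(1) version(2) length(2), then handshake type(1).
    Legacy SSLv2-format hellos are deliberately not accepted here.
    """
    if len(first_bytes) < 6:
        return False
    content_type, major, hs_type = first_bytes[0], first_bytes[1], first_bytes[5]
    return content_type == 0x16 and major == 0x03 and hs_type == 0x01

def proxy_accepts(port: int, first_bytes: bytes) -> bool:
    """Combined effect of the default-deny firewall rule plus a strict proxy."""
    if port == 80:
        return accepts_http(first_bytes)
    if port == 443:
        return accepts_tls(first_bytes)
    return False                     # every other port is blocked at the firewall

# Constructed sample traffic: (destination port, first bytes, description)
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "HTTP request"),
    (80, b"SSH-2.0-OpenSSH_6.6\r\n", "SSH banner sent to port 80"),
    (80, b"EHLO mail.example.com\r\n", "SMTP greeting sent to port 80"),
    (443, bytes.fromhex("160301002e0100002a0303"), "TLS ClientHello prefix"),
    (443, b"GET / HTTP/1.1\r\n\r\n", "plaintext HTTP sent to port 443"),
    (22, b"SSH-2.0-OpenSSH_6.6\r\n", "SSH to port 22"),
]

if __name__ == "__main__":
    for port, data, label in SAMPLES:
        verdict = "accepted" if proxy_accepts(port, data) else "rejected"
        print(f"{port:>4}  {label:<32} {verdict}")
```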