I would be interested to see if SSH can actually be forwarded without 
triggering a man-in-the-middle error.

I'm not sure on the first question, but I would guess that you would want 
to disable everything except your app.

At the bottom of the db.py model, just put "session.forget(request)". This 
will still create cookies, I think, but will not actually use them. Not sure 
on this one. Maybe someone else has a better answer for turning cookies off 
completely.

In your model, I would also disable anything you don't need: db, mail, 
auth, etc.

On Sunday, February 26, 2012 1:09:21 PM UTC-5, t13one wrote:
>
> I'm thinking about setting up SSLH on my personal server.
>
> From http://freecode.com/projects/sslh:
> ----
>
> > sslh accepts HTTPS, SSH, OpenVPN, tinc, and XMPP connections on the
> > same port. This makes it possible to connect to any of these servers
> > on port 443 (e.g., from inside a corporate firewall, which almost
> > never blocks port 443) while still serving HTTPS on that port.
>
> In short summary (and to my limited understanding), SSLH works by
> forwarding the connection from the sslh daemon to either the ssh server
> or the web-server (among other options). This means all SSL connections
> will ultimately appear to be connecting to apache/web2py via 127.0.0.1.
>
> Are there any security concerns with this? Should I disable admin and
> appadmin completely?
>
> How are session cookies affected?
>
> Would any other functionality be affected?
>
>