Welcome! Log In Create A New Profile

Advanced

ocsp-stapling through http proxy?

Previous Message Next Message
Forum List Message List New Topic Print View
Anonymous User
October 13, 2016 06:26AM
Hi,

we have been informed by our CA that they will be moving their
OCSP-servers to "the cloud" - it was a fixed set of IPs before.
These fixed sets could relatively easily be entered as firewall rules
(and hosts-file entries, should DNS-resolution be unavailable).
Of course, they could as easily be targeted by Script-Kiddies and
Wannabe-Hackers as targets for a DDoS.

As such, I would need to allow outbound http-connections to the whole
internet, which is kind of exactly the opposite of what I want to do.
And that's ignoring for a moment the necessity to allow outbound DNS...

It would be cool if nginx would be able to do the stapling through a
http-proxy.



Rainer


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

ocsp-stapling through http proxy?

Anonymous User October 13, 2016 06:26AM

RE: ocsp-stapling through http proxy?

Reinis Rozitis October 13, 2016 07:18AM

Re: ocsp-stapling through http proxy?

Anonymous User October 13, 2016 08:24AM

Re: ocsp-stapling through http proxy?

Reinis Rozitis October 13, 2016 10:14AM

Re: ocsp-stapling through http proxy?

Anonymous User October 13, 2016 10:44AM

Re: ocsp-stapling through http proxy?

Maxim Dounin October 13, 2016 09:36AM

Re: ocsp-stapling through http proxy?

Reinis Rozitis October 13, 2016 10:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 312
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready