[sslh] SSLH + 127.0.0.1 apache logs solution?
Jon Spriggs
jon at sprig.gs
Tue Oct 9 11:23:56 CEST 2012
To be fair, I've abandoned using simple cookieless tracking using IP
addresses and Agent Headers because I started to use proxies such as
PageKite and services like SSLH which render all the connections as
coming from 127.0.0.1.
Ideally, I'd like to be able to use SSLH to intercept the initiating
connection, and re-write the packet as it traverses SSLH so that it is
going to 127.0.0.1:443, but coming from the real initiating address of
1.2.3.4:56789 (rather than the SSLH initiated 127.0.0.1:54321).
There's a lot of stuff to actually make that happen, if only to make
the response stuff work (maybe involving transparent proxies or
routing, which is probably outside the scope of this!) but if someone
could find a project to make this happen, I'd be a happy man!
--
Jon "The Nice Guy" Spriggs
On 8 October 2012 19:19, Yves Rutschle <yves at naryves.com> wrote:
> On Mon, Oct 08, 2012 at 06:44:24PM +0200, Thireus wrote:
>> I have a question related to apache logs. I would like to
>> know if it is possible to output and store sslh connexion
>> logs in /var/log/. So that it can be combined with apache
>> access logs that displays 127.0.0.1 IP sources. [...]
>
> sslh already logs quite a bit (by default in
> /var/log/auth.log in Debian), e.g.:
>
> Sep 18 10:56:31 thelonious sslh[16895]: connection from mit.people.hostwaydcs.com:58670 to thelonious.naryves.com:https forwarded from localhost:48817 to localhost:ssh
>
> Is that not what you're looking for?
>
> Y.
>
> _______________________________________________
> sslh mailing list
> sslh at rutschle.net
> http://rutschle.net/cgi-bin/mailman/listinfo/sslh
More information about the sslh
mailing list