There are a couple of solutions to this problem that I've seen. I don't recall all the vendors and all the products so forgive me. But I'll give you a dump of what I know. First, some IDS's (and this is where I forget the vendors) allow you to specify the private key that is used to encrypt the https data. With this in hand, the IDS is able to eavesdrop on the communication flowing by. Thats why its so important to keep those private keys private :-) If other people know what they are then they can snoop in on the communication. Second, you can use an SSL terminator. There are many vendors who have products that do this, some of them are simply SSL terminators and some of them include other features such as load balancing as part of the package. If you place the IDS on the non encrypted side of the SSL terminator you are free to look at the HTTP traffic as it flows by as it is all unencrypted. -gabe On Tue, 2002-03-19 at 10:09, zeno wrote: > Hello, > > Currently IDS products monitor for webserver or web application attacks over http. > Do any monitor attacks over https? If so can people name a few products that do this? > Also if any info is availble how can they handle themselves on web hosting companies? > (Thats tons of math to compute) > > > Thanks > > - zenoat_private >
This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 21:06:39 PST