Search results

I'm aware of the proxy being allowed to fall back to insecure connections, but this doesn't automatically make it an desired behaviour for all kinds of networks. This rather qualifies as vulnerability, because the risk is not obvious for the administrator, who usually configures...

No, i didn't mean client verification. This is only useful to secure the connection between client and OLS. We would like to secure the connection between OLS and the backend, because the subnet is not trusted in our case. With the current defaults anyone can run a MITM attack on the backend...

Hello, we are using OLS as reverse proxy and it pulls the content from our backend server without any issues. However: The backend server has an SSL certificate from an intranet CA installed, which cannot be known to OLS and therefore it should have no chance to verify it. Conclusion: OLS...