3

There is a web service that I am accessing. Unfortunately, I can't paste the URI here because it is inside of an internal network and wouldn't do us any good here. The web service works great, but the problem is that the maintainers of it only support HTTP and have no intention of implementing HTTPS.

So, my question is... is there any way to force encryption without being able to use HTTPS? I imagine an SSH tunnel would be quite effective, but I'm not sure how to implement it in this situation.

Any ideas?

  • Do you have control over the system it's running on? – Shane Madden Mar 15 '11 at 20:08
  • 1
    Set up an HTTPS-to-HTTP service on the box or in front of it with stunnel. http://serverfault.com/questions/183239/https-reverse-proxy-for-http-only-web-service/183245#183245 – Zoredache Mar 15 '11 at 21:01
  • @shane Unfortunately, I don't have control over the web server, otherwise, I wouldn't be trying to MacGyver this situation. – J.C. Yamokoski Mar 16 '11 at 01:44
  • @zoredache stunnel sounds exactly like what I'm looking for, but I'm still trying to figure out how to apply it to my situation. – J.C. Yamokoski Mar 16 '11 at 01:46

1 Answer

3

SSH tunnels are quite simple. Just make sure the firewall doesn't allow HTTP out (it would render the tunnel pointless) and does allow SSH out.

Then it's just a matter of tunneling localhost:80 (or whatever the port is) to a local port for you.

Here's an example if your computer runs *nix:
    ssh webserver.example.com -L 8080:localhost:80 -fN

This will work assuming the SSH server is the same as the web server; if it is not, use the web server's IP instead of localhost. The -fN puts the tunnel in the background, freeing up the terminal again.

Once the tunnel is up, you can browse the server on localhost:8080 on your computer.

If you are on a Windows machine, use something like PuTTY. Here is a good how-to with screenshots.

Kenny Rasschaert
  • I don't have SSH access to the web server, so, unless I'm mistaken, I would imagine that kills the SSH tunnel idea. But you saying the SSH server may not necessarily be the same as the web server is throwing me off. If I don't SSH directly to the web server, doesn't that render the encrypted tunnel pointless? – J.C. Yamokoski Mar 16 '11 at 01:41
  • If you can't access the web server using anything other than HTTP, you cannot encrypt the traffic as it leaves the webserver. You could encrypt it on some intermediary machine that you have shell access to, if that would be helpful. – sciurus Mar 16 '11 at 02:32
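
The two cases discussed above (sshd on the web server itself versus shell access only on an intermediary machine), as an added example that is not part of the original posts: it builds the `ssh -L` command for each case and names the network leg that still carries cleartext HTTP. `jump.example.com` is a constructed hostname, and the explicit `127.0.0.1` bind and `ExitOnForwardFailure` option are additions the answer does not mention.

```shell
#!/bin/sh
# Added example: build the ssh -L command for an HTTP-only service and report
# which network leg still carries cleartext HTTP. Hostnames are constructed.

# tunnel_cmd SSH_HOST WEB_HOST WEB_PORT LOCAL_PORT
# The forward target is resolved by the SSH server, so when sshd runs on the
# web server itself the target is "localhost"; otherwise it is the web host.
tunnel_cmd() {
    ssh_host=$1; web_host=$2; web_port=$3; local_port=$4
    if [ "$ssh_host" = "$web_host" ]; then
        target=localhost
    else
        target=$web_host
    fi
    # 127.0.0.1 bind: only this machine can use the forwarded port.
    # ExitOnForwardFailure: ssh exits instead of backgrounding a dead tunnel.
    printf 'ssh -fN -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$local_port" "$target" "$web_port" "$ssh_host"
}

# cleartext_leg SSH_HOST WEB_HOST
# Names the segment where HTTP is still unencrypted once the tunnel is up.
cleartext_leg() {
    if [ "$1" = "$2" ]; then
        echo "none on the network (loopback on $2 only)"
    else
        echo "$1 -> $2"
    fi
}

# Case 1: sshd runs on the web server (the answer's example).
tunnel_cmd webserver.example.com webserver.example.com 80 8080
cleartext_leg webserver.example.com webserver.example.com

# Case 2: shell access only on an intermediary machine (constructed name).
tunnel_cmd jump.example.com webserver.example.com 80 8080
cleartext_leg jump.example.com webserver.example.com
```

In the second case the tunnel protects only the path from the client to the intermediary, so the intermediary should sit as close to the web server as the network allows.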