I was wondering if it is possible to have Suricata or Snort look at http traffic after ssl offloading on haproxy? If it is how would I go about it on a pfsense install. Would I just point them towards my lan and vlan interfaces? Or would it still be better to have it on the wan even though inbound traffic will be encrypted most of the time?
Suricata or Snort don’t see very well into SSL traffic
Even after ssl offloading?