How do you protect against specific vectors if your site is pure ssl?
Currently our firewalls inspect packets looking for certain known attack vectors. If my application goes pure ssl we'll lose that ability correct?
Granted we've lost that ability on our current ssl'd pages.
"It depends." You can set your firewall up so that the SSL termination happens on the firewall, thus the data stream can be inspected there, and then passed on to the back-end server via a different SSL certificate or non-SSLed. Generally (meaning in my experience) this is only done for larger-scale installations with dedicated hardware firewalls like a Cisco PIX or an accelerator like an F5, but it is possible even for a Linux iptables-based firewall utilizing Squid as an inbound proxy.
Usually you put an SSL accelerator in front of the IPS/IDS Firewalling, then the application servers. This not only allows for your to continue inspecting/filtering, but also offloads the relatively heavy connection process of SSL from your application servers.