Security Basics mailing list archives
Reverse proxy versus shifting webserver to DMZ
From: barcajax () gmail com
Date: 15 Jul 2007 12:54:05 -0000
Client=>Reverse proxy (DMZ)=>Webserver (internal) Is a reverse proxy really that advantageous over hardening a webserver and shifting it to the DMZ? I read a manual from a vendor that states the use of a reverse proxy hides the internal addressing. I disagree with this statement as the firewall does that function. The way I see it... a reverse proxy (that is built on a different OS from the webserver) prevents direct attacks on the webserver. However if the application is vulnerable, attackers can still compromise the backend by targeting its application flaws. It is possible to escalate privileges that way. This defeats the purpose of deploying a reverse proxy wouldn't it?
Current thread:
- Reverse proxy versus shifting webserver to DMZ barcajax (Jul 16)
- Re: Reverse proxy versus shifting webserver to DMZ jean-philippe luiggi (Jul 17)
- Re: Reverse proxy versus shifting webserver to DMZ MaddHatter (Jul 17)