Educause Security Discussion mailing list archives
Re: Using Reverse Proxies
From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Sun, 18 Feb 2007 22:45:01 -0700
Tim, My suspicion is that many of the people using this approach don't use the term 'reverse proxy'. Recently, we hear a lot about: * SSL VPN access to protected web resources (Juniper SecureAccess, Cisco ASA, etc) * application-aware firewalls that re-write web requests (Citrix Application Firewall, Windows ISA, etc) * web front-end servers for back-end mail (Exchange OWA, SquirrelMail, etc) In each of these cases, in slightly different ways, the user's request hits a front-end server, which then connects to the protected resource on the user's behalf. Each technology prevents the user from being able to directly access the back-end resource. It does all boil down to a 'reverse' proxy, in that the more traditional use for a proxy is to protect internal users from the Big Bad Network. The reverse proxy, on the other hand, protects the server(s) from all those nasty users. In that case, I suspect you might get a lot more positive answers than you'd think. I'm a big fan of all three approaches... Steve Lovaas Colorado State University ________________________________ From: Tim Lane [tlane () SCU EDU AU] Sent: Sunday, February 18, 2007 6:15 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Using Reverse Proxies Hi, we are currently assessing the pros and cons of using reverse proxy primarily as from a security perspective, the trend in application level web vulnerabilities being used by attackers to compromise data and servers can be mitigated to some degree by use of reverse proxy. Additionally the hiding of web servers and (potentially) improved performance together with a single point for web application logging and analysis is useful. HOWEVER, on the other side, maintaining a secure proxy may increase administrative overhead and if not done properly, compromise could be more severe. Just wondering if other Universities/Educational institutions are using reverse proxy and in what circumstances? Thanks, Tim Tim Lane Information Security Program Manager Information Technology and Telecommunication Services Southern Cross University PO Box 157 Lismore NSW 2480 *02 6620 3290 7 02 6620 3033 * tlane () scu edu au * http://www.scu.edu.au
Current thread:
- Using Reverse Proxies Tim Lane (Feb 18)
- <Possible follow-ups>
- Re: Using Reverse Proxies Lovaas,Steven (Feb 18)