Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using Reverse Proxies

From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Sun, 18 Feb 2007 22:45:01 -0700
Tim,

My suspicion is that many of the people using this approach don't use the term 'reverse proxy'. Recently, we hear a lot 
about:

* SSL VPN access to protected web resources (Juniper SecureAccess, Cisco ASA, etc)
* application-aware firewalls that re-write web requests (Citrix Application Firewall, Windows ISA, etc)
* web front-end servers for back-end mail (Exchange OWA, SquirrelMail, etc)

In each of these cases, in slightly different ways, the user's request hits a front-end server, which then connects to 
the protected resource on the user's behalf. Each technology prevents the user from being able to directly access the 
back-end resource. It does all boil down to a 'reverse' proxy, in that the more traditional use for a proxy is to 
protect internal users from the Big Bad Network. The reverse proxy, on the other hand, protects the server(s) from all 
those nasty users.

In that case, I suspect you might get a lot more positive answers than you'd think. I'm a big fan of all three 
approaches...

Steve Lovaas
Colorado State University

________________________________
From: Tim Lane [tlane () SCU EDU AU]
Sent: Sunday, February 18, 2007 6:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Using Reverse Proxies

Hi,

we are currently assessing the pros and cons of using reverse proxy primarily as from a security perspective, the trend 
in application level web vulnerabilities being used by attackers to compromise data and servers can be mitigated to 
some degree by use of reverse proxy.  Additionally the hiding of web servers and (potentially) improved performance 
together with a single point for web application logging and analysis is useful. HOWEVER, on the other side, 
maintaining a secure proxy may increase administrative overhead and if not done properly, compromise could be more 
severe.

Just wondering if other Universities/Educational institutions are using reverse proxy and in what circumstances?

Thanks,

Tim



Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

*02 6620 3290   7              02 6620 3033   * tlane () scu edu au
* http://www.scu.edu.au
Previous By Date Next
Previous By Thread Next

Current thread: