Firewall Wizards mailing list archives

RE: Reverse proxy ??


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 05 Nov 1999 11:00:25 -0500


First, a comment...

        Have the list members noticed that the few disagreements
on this list are virtually all regarding terminology? ;) I know
that I've been frustrated most of my career by the technologist's
syndrome: first we have to define what we're talking about, then
we can discuss it. :) Back in the early days of firewalls, I tried
to propose a set of terms, many of which stuck ("bastion host",
"proxy", etc) but within a few months vendors had made their
own interpretations (of course) to suit. The issue of terminology
is amazingly frustrating. I don't think it'll go away, either.
So, let's all be gracious and as the discussion goes forward,
let's remember that when I say "tomato" I probably am talking
about "potatoes" :)

I would like to put it to the group to define a Reverse Proxy attack!

A "proxy" or "application gateway" was originally a term used
to describe the class of software systems that exist to carry
data back and forth (and hopefully apply security policy) between
two networks.

I would therefore say that a "reverse proxy" is a special case
of a proxy, designed to carry traffic from a less trusted
network into a more trusted network (again, hopefully applying
some kind of security policy). I believe the most commonly used
form of reverse proxy is for web traffic - in which a web server
inside the firewall is accessed by external systems through the
proxy. Proxies may perform caching. Proxies may perform content
analysis. Proxies may perform load spreading. Those are details
except as they apply to the next definition.

A "reverse proxy attack" would be an attack launched through
a reverse proxy. This would typically take the form of an attack
that triggers a vulnerability in the application server that
is being proxied to. So, for example, a reverse proxy attack
against a web server would be an attack which could successfully
drive a web server buffer overrun through the proxy (in spite
of the proxy's security policy/content analysis/caching/etc)
and exploit a weakness in the web server. A reverse proxy
attack might also successfully exploit a hole in a mail
transfer agent, despite the presence of an intervening mail
proxy.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
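
An added example, not part of the original message: one form the "security policy" of a web reverse proxy can take, checking the request head against size and syntax limits before anything is forwarded to the inside server. The function name, limits and sample requests are assumptions constructed for illustration.

```python
# Illustrative limits (assumed values); derive real ones from what the
# proxied web server is known to handle safely.
MAX_REQUEST_LINE = 2048
MAX_HEADER_LINE = 4096
MAX_HEADERS = 64
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def check_request_head(head: bytes):
    """Return (allowed, reason) for a raw HTTP request head.

    `head` is everything the client sent up to the blank line. The proxy
    forwards to the backend only when allowed is True.
    """
    lines = head.split(b"\r\n")
    while lines and lines[-1] == b"":      # drop the terminating blank line(s)
        lines.pop()
    if not lines:
        return False, "empty request"
    request_line, headers = lines[0], lines[1:]
    if len(request_line) > MAX_REQUEST_LINE:
        return False, "request line too long"
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method.decode("ascii", "replace") not in ALLOWED_METHODS:
        return False, "method not allowed"
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return False, "unsupported version"
    # Only printable ASCII in the target; other bytes must arrive percent-encoded.
    if any(b < 0x21 or b > 0x7E for b in target):
        return False, "non-printable byte in target"
    if len(headers) > MAX_HEADERS:
        return False, "too many headers"
    for line in headers:
        if len(line) > MAX_HEADER_LINE:
            return False, "header line too long"
        name, sep, value = line.partition(b":")
        if not sep or not name or any(b <= 0x20 or b >= 0x7F for b in name):
            return False, "malformed header"
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in value):
            return False, "control character in header value"
    return True, "ok"


# Constructed sample requests (not captured traffic).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
LONG_LINE = b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
LONG_HEADER = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Pad: " + b"B" * 5000 + b"\r\n\r\n"
RAW_BYTES = b"GET /\x90\x90 HTTP/1.0\r\n\r\n"
```

A request that stays inside every limit is forwarded unchanged, so a check like this narrows what can reach the inside server only for the properties it actually tests.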


