Re: Securing a webserver through reverse proxy?

[Alejandro Flores <aflores () ipad com br>]

        Hi,

        I have implemented some time ago, something like this, but using
apache. Apache has a proxy module, that makes apache work as a proxy for
a hole site, or just some directories (this module does much more...). I
mean, you can have an exposed webserver (apache), and when someone issue
an GET /somedir/ apache will download http://othersite.../somedir/ and
show it to you.
        The httpd.conf will have something like this on your virtualhost
directive:

        ProxyPass /somedir/ http://othersite/somedir/

        So, you can have an apache webserver running on the internet, and
mapping some directories to your internal IIS or wherever webserver you
have.

Hope you can understand something!

Regards,
Alejandro


> Greetings,
>
> I've read about a way to secure webservers, which must not be directly
> exposed to the Internet, using a reverse proxy, e.g. MS ISA Server or
> Squid on a UNIX box.
>
> Now my question would be: Has anyone experience with that? Is it really
> more secure (compared to firewalling and port forwarding)? Is the MS ISA
> Server Webpublishing rule (which implies reverse caching) doing an
> application layer filtering or does it just the mentioned caching? Can a
> Squid reverse proxy solution fulfill that too?
>
> If not, what are the steps necessary to accomplish this?
>
> Your input is appreciated.
>
> -- 
> Jonas Nagel <fireball () zerouptime ch>