Firewall Wizards mailing list archives
Re: Reverse Proxy on DMZ
From: youngk () ttc com
Date: Mon, 11 Jan 1999 10:01:37 -0500
What are the pros and cons of using a proxy (caching) server on a DMZ segment to allow access to an internal web server? The DMZ is hanging off a segment on a firewall.
It is always a bad idea to have publicly accessible servers on your internal network. Since (I think) most caching proxy servers don't cache CGI scripts, you can use the attack which was mentioned by Jon Ribbens <jon () oaktree co uk> just yesterday on BugTraq to overflow a buffer on a specific CGI script. Whammo... Access to your web server on your internal network means access to your internal network. Of course, tight security on your web server *might* be able to stop any serious damage, but do you really want to take that chance?

--Keith Young/Avenger
-youngk () ttc com