Firewall Wizards mailing list archives
RE: Reverse proxy ??
From: "Anton J Aylward" <anton () the-wire com>
Date: Wed, 3 Nov 1999 10:30:49 -0500
I feel no one has clearly said what a Reverse Proxy is.
Good description. While it's undoubtedly common, I don't think it's a universal one.

I've seen internal reverse proxies in e-commerce applications that ensure if the firewall is subverted it can't be used as a springboard to the internal database. The database issues a reverse request ("do you want something?") to the RP. The RP asks the proxy/firewall/server if it has any requests. There is no route from the proxy/firewall/server to the database except by the RP. If the p/f/s is subverted it can't go anywhere because the RP port on that side will not accept incoming. AT ALL. Kind of like back-to-back diodes ;-)

(This model is obviously based on the old style corner store. You walked up to the counter and the sales clerk asked you what you wanted. There was no display and no catalogue. You had to know what you wanted and know how to ask for it. No displays and no goods out on show means no shoplifting. Good model for e-commerce, eh?)

Why call this a reverse proxy? Because it is a proxy but it's pointing in the other direction. (It's acting on behalf of the database.)

Which begs the question, why call the example Eric gave a "reverse proxy"? I can see that it's acting "in proxy", although this is different from the kind of proxy we have on a firewall for incoming connections, and is indeed pointing in the other direction, but its primary purpose is caching. Why isn't it called a mumblemumble[1] cache? Or is this more of the attempt of the English language to create a technical priesthood by obfuscating the obvious?

--------------------------------------------------------------------
Anton J Aylward, CISSP         | Maybe somebody should try to teach
System Integrity               | journalists to say "scriptkiddies".
InfoSec Auditing & Consulting  | It would reduce the ego-boost would-be
Voice: (416) 421-8182          | "elite hackers" get from descriptions
aja () si on ca                | of their squalid little pranks.

[1] Insert your own "this isn't rocket science" keyword in place of "mumblemumble".
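The pull model described in the message above, as an added example that is not part of the original post. It is an in-process sketch in which method calls stand in for the network connections; the class names, the sample data and the operation allowlist are all assumptions made for illustration.

```python
from collections import deque

# Constructed sample data and allowlist: the only "goods" the inside will hand over.
DB = {"orders": {"A1001": "shipped"}, "stock": {"widget": 12}}
ALLOWED_OPS = {
    "order_status": lambda db, key: db["orders"].get(key, "unknown"),
    "stock_level": lambda db, key: db["stock"].get(key, 0),
}

class FrontEnd:
    """Exposed proxy/firewall/server (hypothetical name). It holds no handle to
    the RP or the database; it can only park requests and wait to be asked."""
    def __init__(self):
        self.pending = deque()
        self.replies = {}

    def submit(self, req_id, op, key):      # called by outside clients
        self.pending.append((req_id, op, key))

    def drain(self):                        # called only by the RP's outbound poll
        items = list(self.pending)
        self.pending.clear()
        return items

class InsidePoller:
    """RP plus database side (hypothetical name). Every exchange starts here,
    never at the front end."""
    def __init__(self, front_end, db):
        self.front_end = front_end
        self.db = db

    def poll_once(self):
        served = 0
        for req_id, op, key in self.front_end.drain():   # "do you want something?"
            handler = ALLOWED_OPS.get(op)
            # Unknown operations and odd keys are refused, never interpreted.
            if handler is None or not isinstance(key, str) or len(key) > 32:
                self.front_end.replies[req_id] = ("refused", None)
            else:
                self.front_end.replies[req_id] = ("ok", handler(self.db, key))
                served += 1
        return served

def demo():
    fe = FrontEnd()
    fe.submit(1, "order_status", "A1001")
    fe.submit(2, "dump_table", "orders")    # not on the allowlist
    served = InsidePoller(fe, DB).poll_once()
    return served, fe.replies
```

In a real deployment the same direction of control is enforced by the network: the inside host opens the connection, and no listener or route exists from the front end toward the database.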