Firewall Wizards mailing list archives
Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY
From: Ng Pheng Siong <ngps () post1 com>
Date: Mon, 26 Feb 2001 23:11:20 +0800
On Thu, Feb 22, 2001 at 08:20:47AM +1100, Robert Collins wrote:
From: "Ng Pheng Siong" <ngps () post1 com>Reverse proxies break X.509 cert-based client authentication.I don't believe there's any protocol level reason why the reverse proxy cannot perform the X.509 certificate authentication itself. Certainly the web server AND the reverse proxy cannot both perform that authentication.
You're right on both counts.
AFAIK some of the commercial reverse proxies will perform authentication on behalf of the webserver.
Then the reverse proxy is really telling the webserver "trust me" when communicating the identity of the client. Apart from the (imho fallacious) warm fuzzy feeling that "our real webserver is no longer exposed to direct attack from the Internet", I don't see value in a reverse proxy - the reverse proxies I've seen in production simply relay stuff back and forth.
What about things like the cisco LocalDirector? Although I'm not quite sure whether that's a reverse proxy or a tcp load balancer :-].
It's a dead product. Cisco now peddles Arrowpoint. ;-) -- Ng Pheng Siong <ngps () post1 com> * http://www.post1.com/home/ngps _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY agetchel (Feb 20)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Darren Reed (Feb 20)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Ng Pheng Siong (Feb 21)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Robert Collins (Feb 25)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Ng Pheng Siong (Feb 26)
- Reversise Proxies? (was Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY) Robert Collins (Feb 26)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Robert Collins (Feb 25)
- <Possible follow-ups>
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Bill_Royds (Feb 21)
- RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY MONTENEGRO,FERNANDO (HP-Canada,ex1) (Feb 26)