Firewall Wizards mailing list archives
RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY
From: "MONTENEGRO,FERNANDO (HP-Canada,ex1)" <fernando_montenegro () hp com>
Date: Mon, 26 Feb 2001 14:36:24 -0700
Hi!
Apart from the (imho fallacious) warm fuzzy feeling that "our real webserver is no longer exposed to direct attack from the Internet", I don't see value in a reverse proxy - the reverse proxies I've seen in production simply relay stuff back and forth.
One comment I'd like to make is that if you're using Apache as a reverse proxy, you can base your rewriting rules on the variables present on the HTTP header or additional server variables. This makes for an interesting set-up, where you can restrict inbound requests based on path, size, time/date, agent, ...
The security ramifications of this are *very* interesting: it takes a bit of work, but you can severely restrict what HTTP requests actually make it to the internal server and what they look like.
For more details, look at the documentation for mod_rewrite, especially the RewriteCond directive.
Hope this helps.
Cheers,
Fernando
--
Fernando S. Montenegro, CISSP - fernando_montenegro () hp com
DISCLAIMER: Opinions expressed above are my own and do not necessarily reflect those of my employer.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
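
The kind of set-up described in the message above, as an added example that is not part of the original post: an Apache virtual host that uses RewriteCond to filter requests on method, size, agent, time and path before relaying anything to the internal server. The host names, backend address, paths and limits are assumptions chosen for illustration, and mod_rewrite and mod_proxy are assumed to be loaded.

```apache
# Added example, not from the original post. www.example.com,
# backend.internal.example:8080, the /app, /static and /admin paths and
# the numeric limits are all placeholders.
<VirtualHost *:80>
    ServerName www.example.com

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off
    RewriteEngine On

    # Method: anything other than GET, HEAD or POST is refused.
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST)$
    RewriteRule ^ - [F]

    # Size: refuse a declared body of 100000 bytes or more (six or more
    # digits). Content-Length is client-supplied and absent on chunked
    # requests, so LimitRequestBody enforces the same cap on the body itself.
    RewriteCond %{HTTP:Content-Length} ^[0-9]{6,}$
    RewriteRule ^ - [F]
    LimitRequestBody 99999

    # Agent: refuse requests that send no User-Agent header at all.
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^ - [F]

    # Time/date: /admin/ is reachable only from 08:00 to 17:59 server time.
    # TIME_HOUR is two digits, so the lexical < and > comparisons are safe.
    RewriteCond %{TIME_HOUR} <08 [OR]
    RewriteCond %{TIME_HOUR} >17
    RewriteRule ^/admin/ - [F]

    # Path: only allow-listed prefixes are relayed ([P] hands the request
    # to mod_proxy; the query string is passed along automatically).
    RewriteRule ^/((app|static|admin)/.*)$ http://backend.internal.example:8080/$1 [P,L]
    RewriteRule ^/$ http://backend.internal.example:8080/ [P,L]

    # Default deny: whatever matched no rule above never reaches the backend.
    RewriteRule ^ - [F]

    # Rewrite Location headers in backend redirects to the public name.
    ProxyPassReverse / http://backend.internal.example:8080/
</VirtualHost>
```

The final default-deny rule is what turns the proxy from a relay into a filter: the allow-list decides what reaches the internal server, and the conditions above it narrow what those requests may look like.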