Firewall Wizards mailing list archives
RE: Reversise Proxies? (was Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY)
From: "SecurityForums" <SecurityForums () sanctuminc com>
Date: Sun, 4 Mar 2001 14:42:46 +0200
Dear Sir, The features you relate to in your discussion of reverse proxy are already implemented in a commercially available product. This product is a reverse proxy that protects the HTTP layer and the application layer (logic) of a web-site. It protects against, among other things: - web-server specific attacks (Unicode, ::$DATA, double-dots, forceful browsing, directory listing, etc.) - buffer overflows of various kinds (in the URL/query, in HTTP fields, and even more importantly, in HTML form fields!) - breaching the application logic - if you're not allowed to access a URL, then you can't, and if a script expects its parameters in a certian format, it will be enforced. This includes enforcing consistency of hidden parameters. - cookie poisoning - cookies sent to the client are not allowed to change. It also does an excessive logging of each request. The product name is AppShield, by Sanctum Inc. (http://www.sanctuminc.com) If you need further assistance, please call us. Thanks, Security Forums Group Sanctum Inc Tel: 408 855 9500 x206 email: securityforums () sanctuminc com www.sanctuminc.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Reversise Proxies? (was Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY) SecurityForums (Mar 04)