RE: Reversise Proxies? (was Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY)

["SecurityForums" <SecurityForums () sanctuminc com>]

Dear Sir,

The features you relate to in your discussion of reverse proxy are already
implemented in a commercially available product. This product
is a reverse proxy that protects the HTTP layer and the application layer
(logic) of a web-site. It protects against, among other things:

- web-server specific attacks (Unicode, ::$DATA, double-dots, forceful
browsing, directory listing, etc.)

- buffer overflows of various kinds (in the URL/query, in HTTP fields, and
even more importantly, in HTML form fields!)

- breaching the application logic - if you're not allowed to access a URL,
then you can't, and if a script expects its parameters in a certian format,
it will be enforced. This includes enforcing consistency of hidden
parameters.

- cookie poisoning - cookies sent to the client are not allowed to change.

It also does an excessive logging of each request.

The product name is AppShield, by Sanctum Inc. (http://www.sanctuminc.com)

If you need further assistance, please call us.

Thanks,

Security Forums Group
Sanctum Inc
Tel: 408 855 9500 x206
email: securityforums () sanctuminc com
www.sanctuminc.com



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards