Request for Reverse Proxy Guidance

[Jason Wallace <jason.r.wallace () gmail com>]

Howdy all,

I'm looking for some IDS best practice guidance when dealing with a
reverse proxy. We have a new application being deployed that needs to
be assessable from the Internet via a web interface but also needs to
authenticate to AD. To date we do not pass the Windows auth ports from
our DMZ to our internal network and I would like to keep it that way.
To me that means we probably need to proxy the web traffic from our
DMZ to the new system hosted on the inside.

If I monitor in front of the proxy I'll see the original Internet src
address, with a dest of the proxy, and the original http request. If I
monitor behind the proxy I'll see the src as the proxy, the dest as
the internal server, and the proxyed http request.

If you could only monitor either in front or behind...which would you
do? I'm new to reverse proxies so if I'm missing something obvious,
please feel free to point this out!

Thx,
Wally

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users