WebApp Sec mailing list archives
Re: Reverse Proxy Server?
From: Don Felgar <dfelgar () rainier-infosys com>
Date: Tue, 27 May 2003 16:25:23 -0700
On Tue, May 27, 2003, Bob Lee wrote: ...
> Trusting IP addresses is not a very safe or scalable practice. You have NAT, dynamic IPs, ARP poisoning, etc.
>
> Bob
Not true. Granting a small set of IPs access to your server nearly nullifies the possibility of a portscanner discovering a vulnerability in your server. It is much safer than not doing so. That is not to say that you should forego passwords and encryption, if that's what you meant. It may or may not be scalable, depending on your situation. NAT may not be a problem if you are granting access to an entire organization. Dynamic IPs are usually within a narrow range, so easily handled. Also, ARP poisoning is an extra hurdle that the determined cracker has to get around. You should limit IP access to all services where it's practical.

--Don