mailing list archives
Re: Securing a webserver through reverse proxy?
From: Alejandro Flores <aflores () ipad com br>
Date: 19 Feb 2003 15:53:33 -0300
I have implemented some time ago, something like this, but using
apache. Apache has a proxy module, that makes apache work as a proxy for
a hole site, or just some directories (this module does much more...). I
mean, you can have an exposed webserver (apache), and when someone issue
an GET /somedir/ apache will download http://othersite.../somedir/ and
show it to you.
The httpd.conf will have something like this on your virtualhost
ProxyPass /somedir/ http://othersite/somedir/
So, you can have an apache webserver running on the internet, and
mapping some directories to your internal IIS or wherever webserver you
Hope you can understand something!
I've read about a way to secure webservers, which must not be directly
exposed to the Internet, using a reverse proxy, e.g. MS ISA Server or
Squid on a UNIX box.
Now my question would be: Has anyone experience with that? Is it really
more secure (compared to firewalling and port forwarding)? Is the MS ISA
Server Webpublishing rule (which implies reverse caching) doing an
application layer filtering or does it just the mentioned caching? Can a
Squid reverse proxy solution fulfill that too?
If not, what are the steps necessary to accomplish this?
Your input is appreciated.
Jonas Nagel <fireball () zerouptime ch>