Home page logo

basics logo Security Basics mailing list archives

Re: Securing a webserver through reverse proxy?
From: brian_carpio () csgsystems com
Date: Thu, 20 Feb 2003 11:21:14 -0700 (MST)


I use the same things here to proxy hdml apps, IIS servers, Apache
Servers etc...

Apache's reverse proxy implementation is great you can provide
authentication with htpasswd files or with an ldap database!

Brian Carpio
CSG Systems Inc.
Open Systems Unix System Admin


On 19 Feb 2003, Alejandro Flores wrote:


      I have implemented some time ago, something like this, but using
apache. Apache has a proxy module, that makes apache work as a proxy for
a hole site, or just some directories (this module does much more...). I
mean, you can have an exposed webserver (apache), and when someone issue
an GET /somedir/ apache will download http://othersite.../somedir/ and
show it to you.
      The httpd.conf will have something like this on your virtualhost

      ProxyPass /somedir/ http://othersite/somedir/

      So, you can have an apache webserver running on the internet, and
mapping some directories to your internal IIS or wherever webserver you

Hope you can understand something!



I've read about a way to secure webservers, which must not be directly
exposed to the Internet, using a reverse proxy, e.g. MS ISA Server or
Squid on a UNIX box.

Now my question would be: Has anyone experience with that? Is it really
more secure (compared to firewalling and port forwarding)? Is the MS ISA
Server Webpublishing rule (which implies reverse caching) doing an
application layer filtering or does it just the mentioned caching? Can a
Squid reverse proxy solution fulfill that too?

If not, what are the steps necessary to accomplish this?

Your input is appreciated.

Jonas Nagel <fireball () zerouptime ch>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]