Home page logo
/

basics logo Security Basics mailing list archives

Re: Securing a web server through reverse proxy?
From: "Scott Liebergen" <scott () newlug org>
Date: Thu, 20 Feb 2003 21:19:24 -0600 (CST)


mod_proxy is very powerful , but when it comes to security I wouldn't
use it use it to protect another server as it had some problems in the
past .


In addition to  mod_proxy, you can also use mod_rewrite to lock down what
can be requested and what can't. Our developers had content directories
scattered all over the place on the backend IIS servers. We used apache as
a reverse proxy on a Linux server with mod_rewrite to serve as a security
mechanism to only allow legit requests. This is pretty much what that tool
released by MS did a year or two ago for IIS servers. We had a nice
rewrite list built thanks to the wonderful directory placement of our
development team  ;-)

Cheers,
Scott




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]