
Educause Security Discussion mailing list archives

Re: Using Reverse Proxies
From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Sun, 18 Feb 2007 22:45:01 -0700


My suspicion is that many of the people using this approach don't use the term 'reverse proxy'. Recently, we hear a lot 

* SSL VPN access to protected web resources (Juniper SecureAccess, Cisco ASA, etc.)
* application-aware firewalls that re-write web requests (Citrix Application Firewall, Windows ISA, etc.)
* web front-end servers for back-end mail (Exchange OWA, SquirrelMail, etc.)

In each of these cases, in slightly different ways, the user's request hits a front-end server, which then connects to 
the protected resource on the user's behalf. Each technology prevents the user from being able to directly access the 
back-end resource. It does all boil down to a 'reverse' proxy, in that the more traditional use for a proxy is to 
protect internal users from the Big Bad Network. The reverse proxy, on the other hand, protects the server(s) from all 
those nasty users.

In that case, I suspect you might get a lot more positive answers than you'd think. I'm a big fan of all three 

Steve Lovaas
Colorado State University

From: Tim Lane [tlane () SCU EDU AU]
Sent: Sunday, February 18, 2007 6:15 PM
Subject: [SECURITY] Using Reverse Proxies


We are currently assessing the pros and cons of using reverse proxy primarily as, from a security perspective, the trend 
in application level web vulnerabilities being used by attackers to compromise data and servers can be mitigated to 
some degree by use of reverse proxy.  Additionally the hiding of web servers and (potentially) improved performance 
together with a single point for web application logging and analysis is useful. HOWEVER, on the other side, 
maintaining a secure proxy may increase administrative overhead and if not done properly, compromise could be more 

Just wondering if other Universities/Educational institutions are using reverse proxy and in what circumstances?



Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

*02 6620 3290   7              02 6620 3033   * tlane () scu edu au
* http://www.scu.edu.au
