WebApp Sec
mailing list archives
RE: Reverse Proxy and Link Encoding
From: Amit Klein <Amit.Klein () SanctumInc com>
Date: Thu, 05 Jun 2003 13:23:23 +0300
Hi Michael,
There are several commercial products that implement this concept - for
example, Sanctum (the company I work for) offers AppShield
(http://www.sanctuminc.com/solutions/appshield/index.html). We coded what
you described below into AppShield (we call this technology DPRE - Dynamic
Policy Recognition Engine). In order to provide more flexibility, we also
give the customer the ability to write "exception rules" which override
DPRE, thus allowing links that are not found in the HTML pages.
There's a slight difference in the implementation though. We do not change
the HTML pages so that links are pointing at AppShield. Rather, we let
AppShield (instead of the original web server) have the IP that is exposed
to the Internet, and then have AppShield forward the request to the web
server (which is not accessible from the Internet). Thus, the HTML pages are
not modified. In AppShield, we compare an incoming request to the links that
we extracted from the HTML pages, and if a match is found, we forward the
request.
If you're interested in more details, please do not hesitate to contact me.
Thanks,
-Amit
Amit Klein
Director of security
and audit practices
Sanctum, Ltd.
http://www.SanctumInc.Com/
Ampa Bldg., 1 Sapir Street.
Mail: P.O.Box 12047
Herzliya 46733, ISRAEL
Tel: +972-9-9586077 Ext. 225
Fax: +972-9-9576337
Amit.Klein () SanctumInc Com
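
The matching step described in the message above (links extracted from the HTML pages, incoming requests compared against them, exception rules overriding the result), as an added Python example. It is not part of the original message and is not AppShield's code. The names `LinkExtractor`, `LinkPolicy`, `key` and `demo_policy`, the host `shop.example`, the exact path-plus-query comparison and the use of path regexes as exception rules are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkExtractor(HTMLParser):
    """Collect URL-bearing attributes from a response body."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found += [v for k, v in attrs if k in ("href", "src", "action") and v]

def key(url):
    """Reduce a URL or request target to the (path, query) pair that is compared."""
    parts = urlsplit(url)
    return (parts.path or "/", parts.query)

class LinkPolicy:
    """Hypothetical allow-list: links learned from pages, plus exception rules."""
    def __init__(self, site_host, exception_patterns=()):
        self.site_host = site_host
        self.learned = set()
        self.exceptions = [re.compile(p) for p in exception_patterns]

    def learn(self, page_url, html):
        """Record every same-host link in a page the web server returned."""
        parser = LinkExtractor()
        parser.feed(html)
        for raw in parser.found:
            absolute = urljoin(page_url, raw)
            if urlsplit(absolute).hostname == self.site_host:
                self.learned.add(key(absolute))

    def allows(self, request_target):
        """Forward only if the request matches a learned link or an exception."""
        path, query = key(request_target)
        if (path, query) in self.learned:
            return True
        return any(p.fullmatch(path) for p in self.exceptions)

# Constructed sample page and rules, not taken from any real site.
PAGE = '<a href="account?id=7">Account</a><img src="/img/logo.png">' \
       '<a href="http://other.example/x">Partner</a><form action="/search">'

def demo_policy():
    policy = LinkPolicy("shop.example", [r"/", r"/help/.*"])
    policy.learn("http://shop.example/index.html", PAGE)
    return policy
```

In this sketch the entry page `/` is reachable only through an exception rule, because no page has been served yet from which a link to it could be learned.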