Security Basics mailing list archives

Re: Securing a web server through reverse proxy?

From: "Scott Liebergen" <scott () newlug org>
Date: Thu, 20 Feb 2003 21:19:24 -0600 (CST)

mod_proxy is very powerful , but when it comes to security I wouldn't
use it use it to protect another server as it had some problems in the
past .


In addition to  mod_proxy, you can also use mod_rewrite to lock down what
can be requested and what can't. Our developers had content directories
scattered all over the place on the backend IIS servers. We used apache as
a reverse proxy on a Linux server with mod_rewrite to serve as a security
mechanism to only allow legit requests. This is pretty much what that tool
released by MS did a year or two ago for IIS servers. We had a nice
rewrite list built thanks to the wonderful directory placement of our
development team  ;-)

Cheers,
Scott

Current thread:

Securing a webserver through reverse proxy? Security (Feb 19)
- Re: Securing a webserver through reverse proxy? Adam McCarthy (Feb 20)
- Re: Securing a webserver through reverse proxy? Alejandro Flores (Feb 20)
  - Re: Securing a webserver through reverse proxy? brian_carpio (Feb 20)
  - Re: Securing a webserver through reverse proxy? theog (Feb 20)
    - Re: Securing a web server through reverse proxy? Scott Liebergen (Feb 22)
- <Possible follow-ups>
- RE: Securing a webserver through reverse proxy? Alisson Leite de Morais Veras (Feb 22)