Re: Reverse Proxy Server?
From: Don Felgar (dfelgar rainier-infosys.com)
Date: Tue May 27 2003 - 11:50:45 CDT
On Tue, May 27, 2003, Dean Thompson wrote:
> I hope this is the right place to post this...
>
> We develop numerous internal web applications that we occasionally need to
> publish to customers. In very sensitive scenarios, we will force them to
> use a VPN to connect. In others, we just publish a server/app beyond the
> firewall. I would like to see a solution that could handle both scenarios
> easily, and would not require that I put multiple servers or apps outside
> the firewall.
>
> My thoughts were to use something like what Anonymizer
> (http://www.anonymizer.com) does. Essentially, it just forwards requests
> for you, and returns the information to you. So, if someone out there went
> to http://mydomain.com and logged in, they could then go to
> http://mydomain.com?server=someserver (or something like that). Does
> anyone out there know of a tool like this that is already available? I
> would prefer a Windows platform, but 'nix is acceptable.
>
> Thanks,
> Dean

You can also give the webserver in question a public IP address, put
it behind a firewall, and configure the firewall to allow access to
the necessary IP addresses only. This will work either with or
without a VPN. This has the added benefit of excluding attacks on
ports 80 and/or 443, but a drawback in that you must know in advance
what IP addresses to allow.

If you cannot know in advance what IP addresses to let through, you
can authenticate the client on a public webserver, and upon success
poke a hole in the firewall for that specific IP address and then
redirect the client.

Incidentally, a drawback to port-forwarding type schemes is that all
traffic appears to originate from a single IP address from the point
of view of the webserver, reducing the utility of logfiles. I don't
know if Squid reverse proxy has this effect or not. Don't learn this
the hard way as I did.

--Don
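
A sketch of the authenticate-then-open-the-firewall approach described in the reply above, added here as an example and not code from the thread. It assumes a Linux iptables firewall, the FORWARD chain, a constructed backend address (192.0.2.10) and a hypothetical `PinholeManager` helper; it only builds the commands and leaves running them to the caller.

```python
import ipaddress

# Assumptions (not from the original post): a Linux iptables firewall, the
# FORWARD chain, and a constructed internal web server address.
BACKEND = "192.0.2.10"
PORT = 443
TTL_SECONDS = 900  # holes close on their own; clients must re-authenticate


class PinholeManager:
    """Tracks per-client firewall holes opened after a successful login."""

    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self.expiry = {}  # client IP string -> expiry time (epoch seconds)

    @staticmethod
    def _rule(action, ip):
        # argv list, never a shell string, so the address cannot inject options
        return ["iptables", action, "FORWARD", "-s", ip, "-d", BACKEND,
                "-p", "tcp", "--dport", str(PORT), "-j", "ACCEPT"]

    def grant(self, peer_ip, now):
        """Call only after authentication succeeded. peer_ip must be the TCP
        peer address seen by the public server, not a client-supplied header.
        Returns the command to run, or None if the hole is already open."""
        addr = ipaddress.ip_address(peer_ip)  # raises ValueError on junk
        if (addr.version != 4 or addr.is_loopback
                or addr.is_unspecified or addr.is_multicast):
            raise ValueError("refusing source address: %s" % peer_ip)
        ip = str(addr)
        already_open = ip in self.expiry
        self.expiry[ip] = now + self.ttl  # repeat logins only extend the lease
        return None if already_open else self._rule("-I", ip)

    def expire(self, now):
        """Returns delete commands for every hole whose lease has run out."""
        stale = [ip for ip, t in self.expiry.items() if t <= now]
        for ip in stale:
            del self.expiry[ip]
        return [self._rule("-D", ip) for ip in stale]
```

A rule keyed on source address admits every host that shares that address, so clients behind one NAT gateway all pass once any of them has logged in; the application behind the firewall still needs its own authentication.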