From: Amit Klein (Amit.KleinSanctumInc.com)
Date: Mon Jun 09 2003 - 02:49:53 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi Amit

> There's a slight difference in the implementation though. We do
    not change
> the HTML pages so that links are pointing at AppShield. Rather,
    we let
> AppShield (instead of the original web server) have the IP that
    is exposed
> to the Internet, and then have AppShield forward the request to
    the web
> server (which is not accessible from the Internet). Thus, the
    HTML pages are
> not modified. In AppShield, we compare an incoming request to the
    links that
> we extracted from the HTML pages, and if a match is found, we
    forward the
> request.

    I think we both mean different applications. You seem to be talking
    about
    a reverse proxy that is typically put into a DMZ and lets people
    from the
    Internet (or other external networks) access web servers in a company's
    internal network by mapping their web space into the proxy's web space.

    I, on the other hand, was talking about a proxy that would be used
    to let
    people from an internal network access the Internet without having any
    client-provided information leaving to the Internet (and thereby
    ensuring
    that no hostile data like URL-based exploits threaten third parties'
    public web servers).

You're right - AppShield is a reverse proxy, and I assumed this was the
subject of the thread (whose title is "Reverse Proxy and Link
Encoding"). I think you're talking about forward proxy. In the past,
Sanctum considered the idea you suggested (that is, to offer a flavour
of AppShield as a forward proxy server, protecting external sites from
hacking from the internal zone), but this is not currently offered in
AppShield. I suppose if there's a considerable traction to this feature,
that we will reconsider.

Thanks,
-Amit

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]