Re: Securing a web server through reverse proxy?

From: Scott Liebergen (scott@newlug.org)
Date: 02/21/03

  • Next message: SimonChan@lifeisgreat.com.sg: "Re: IAS RADIUS service"
    Date: Thu, 20 Feb 2003 21:19:24 -0600 (CST)
    From: "Scott Liebergen" <scott@newlug.org>
    To: <security-basics@securityfocus.com>
    
    

    > mod_proxy is very powerful , but when it comes to security I wouldn't
    > use it use it to protect another server as it had some problems in the
    > past .
    >

    In addition to mod_proxy, you can also use mod_rewrite to lock down what
    can be requested and what can't. Our developers had content directories
    scattered all over the place on the backend IIS servers. We used apache as
    a reverse proxy on a Linux server with mod_rewrite to serve as a security
    mechanism to only allow legit requests. This is pretty much what that tool
    released by MS did a year or two ago for IIS servers. We had a nice
    rewrite list built thanks to the wonderful directory placement of our
    development team ;-)

    Cheers,
    Scott