Re: Securing a web server through reverse proxy?
From: Scott Liebergen (scott@newlug.org)
Date: 02/21/03
- Previous message: Luigi Grandini: "Re: Email headers"
- In reply to: theog: "Re: Securing a webserver through reverse proxy?"
- Next in thread: Alisson Leite de Morais Veras: "RE: Securing a webserver through reverse proxy?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Feb 2003 21:19:24 -0600 (CST) From: "Scott Liebergen" <scott@newlug.org> To: <security-basics@securityfocus.com>
> mod_proxy is very powerful , but when it comes to security I wouldn't
> use it use it to protect another server as it had some problems in the
> past .
>
In addition to mod_proxy, you can also use mod_rewrite to lock down what
can be requested and what can't. Our developers had content directories
scattered all over the place on the backend IIS servers. We used apache as
a reverse proxy on a Linux server with mod_rewrite to serve as a security
mechanism to only allow legit requests. This is pretty much what that tool
released by MS did a year or two ago for IIS servers. We had a nice
rewrite list built thanks to the wonderful directory placement of our
development team ;-)
Cheers,
Scott
- Next message: SimonChan@lifeisgreat.com.sg: "Re: IAS RADIUS service"
- Previous message: Luigi Grandini: "Re: Email headers"
- In reply to: theog: "Re: Securing a webserver through reverse proxy?"
- Next in thread: Alisson Leite de Morais Veras: "RE: Securing a webserver through reverse proxy?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
