Hosting Provided By

Re: Reverse Proxy Server?

From: Don Felgar <dfelgar(at)rainier-infosys.com>
Date: Tue May 27 2003 - 12:50:45 EDT

On Tue, May 27, 2003, Dean Thompson wrote:
> I hope this is the right place to post this...

You can also give the webserver in question a public IP address, put it behind a firewall, and configure the firewall to allow access to the necessary IP addresses only. This will work either with or without a VPN. This has the added benefit of excluding attacks on ports 80 and/or 443, but a drawback in that you must know in advance what IP addresses to allow.

If you cannot know if advance what IP addresses to let through, you can authenticate the client on a public webserver, and upon success poke a hole in the firewall for that specific IP address and then redirect the client.

Incidentally a drawback to port-forwarding type schemes is that all traffic appears to originate from a single IP address from the point of view of the webserver, reducing the utility of logfiles. I don't know of Squid reverse proxy has this effect or not. Don't learn this the hard way as I did.

--Don Received on Tue May 27 15:56:54 2003

This message: [ Message body ]
Next message: Neil Kohl: "Re: Reverse Proxy Server?"
Previous message: Stig Palmquist: "Re: Reverse Proxy Server?"
In reply to: Dean Thompson: "Reverse Proxy Server?"
Next in thread: Bob Lee: "Re: Reverse Proxy Server?"
Reply: Bob Lee: "Re: Reverse Proxy Server?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:51 EDT