Hi
An RP should (depending on implementation, product, etc.) add to the overall
security of your site. This is because it forces all traffic passing through
it to be HTTP compliant. This means that if your web server becomes
compromised (e.g. through a CGI or script vulnerability) and someone installs
netcat on it, the RP will prevent them from having a telnet session (on port 443)
to a command prompt on your web server. This is because the session wouldn't
be HTTP, so it wouldn't be passed by the RP.
In an ideal world you would have the SSL/TLS session terminating at the
reverse proxy and another session being created between it and the web
server it's talking to. Most reverse proxy products don't have this
capability in them, however I have heard (haven't checked it out) that
Netscape has/had a product that can do this. (Maybe Sun's iPlanet proxy?)
As the list well knows, security is risk management, and if you can do
something to reduce that risk, then it will be more secure.
Cheers,
Alex Hague
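As an added illustration of the protocol-enforcement point in the reply above (example code, not from either poster): a minimal check of the kind a reverse proxy applies to each client request head before relaying bytes to the web server, so that an interactive non-HTTP byte stream on port 443 is refused rather than forwarded. The request grammar, the fake upstream and the sample inputs are all constructed for this example.

```python
import re
from typing import Callable

# Deliberately small HTTP/1.x request-line and header grammar (constructed here;
# a production proxy also enforces body framing, sizes, header counts, etc.).
REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) (/[^\s]*) HTTP/1\.[01]$")
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\r\n]*$")


def is_http_request(data: bytes) -> bool:
    """True only if `data` begins with a syntactically valid HTTP/1.x request head."""
    head, sep, _body = data.partition(b"\r\n\r\n")
    if not sep:
        return False  # no end-of-headers marker: not a complete HTTP request head
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return False  # first line is not "METHOD /path HTTP/1.x"
    return all(HEADER_LINE.match(line) for line in lines[1:])


def relay(client_data: bytes, upstream: Callable[[bytes], bytes]) -> bytes:
    """Forward only HTTP-conformant traffic to the web server; reject everything else."""
    if not is_http_request(client_data):
        # Arbitrary bytes (e.g. a command-prompt session) never reach the upstream socket.
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    return upstream(client_data)


# Constructed sample inputs: one legitimate request and one non-HTTP byte stream.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SHELL = b"sh-4.2$ uname -a\r\nLinux host 2.4.0 i686\r\nsh-4.2$ "


def fake_web_server(request: bytes) -> bytes:
    """Stand-in for the HTTP web server behind the proxy (constructed for the example)."""
    return b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"


if __name__ == "__main__":
    print(relay(GOOD, fake_web_server).split(b"\r\n")[0])   # HTTP/1.1 200 OK
    print(relay(SHELL, fake_web_server).split(b"\r\n")[0])  # HTTP/1.1 400 Bad Request
```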
-----Original Message-----
From: Peter Bruderer [mailto:[EMAIL PROTECTED]]
Sent: Friday, 16 February 2001 00:19
To: [EMAIL PROTECTED]
Subject: Reverse proxy
Hi there
I am in a discussion about using a reverse proxy or not.
The situation: A browser connects to a webserver which transfers the
HTTP requests into SQL queries using stored procedures. The connection
from the browser to the webserver is encrypted (SSL/TLS). Between the
browser and the webserver and between the webserver and the database
server is a firewall. This firewall does IP defragmentation and acts
as a SYN proxy.
(B)+++(FW)+++(HTTPS-SQL)---(FW)---(DB)
++ = HTTPS
-- = SQL
One stance: To increase security some people want to put a reverse
proxy between the browser and the webserver. The reverse proxy
terminates the SSL connection and passes standard HTTP to the
webserver. The reason: buffer overflows are stopped at the reverse
proxy. A network based IDS can detect attacks in the datastream.
(B)+++(FW)+++(RP)...(FW)...(HTTP-SQL)---(FW)---(DB)
+++ = HTTPS
... = HTTP
--- = SQL
The stance of my side: Just to increase security the additional
reverse proxy is useless. Reason: It does no protocol conversion,
it does no authentication. Buffer overflow attacks are not stopped
at the reverse proxy, because it is just copying data from one socket
to another after decrypting it. Low level IP attacks are handled by
the firewall. Attacks in the datastream are detected in the webserver
logfiles.
From the people wanting the additional reverse proxy I do not get any
facts. The only reason for the reverse proxy is: "I have the feeling ..."
Am I wrong? Do I overlook something? Can someone give me some facts
why the additional reverse proxy really increases security?
Thanks
Peter
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]