We use Novell's Border Manager Enterprise to reverse proxy several sites and are very
happy with the speed and security it provides. Via this system no end user directly
touches the web server; they only hit the cached version on the proxy. We have played
around with making changes to the site itself and have experienced almost
instantaneous updates of the cache. The exception to this was if a change did not
alter the size of the file - looks like a bug to me! The cache is updated if it
contains a different version of a file than the real server and the cache, of course,
has no write rights to the server so you are fairly safe that original content cannot
be altered. If the cached copy is changed (i.e. hacked), the proxy will note the change and
pull originals from the server, overwriting the "bastardized" copy upon the next
request.
The drawback is that the web server will only see one IP address accessing it - the
proxy server. This, of course, assumes you have the web server on a private net and
are not using a static NAT address for the web box. Border Manager will create common
log files which can be read by any (we use WebTrends) analyzer to get around that
problem.
Sorry if I sound like a Novell commercial - but I do like this product.
Dave
Dave Hecht
Sr. Systems Analyst
City of Bakersfield
(805)326-3726 voice
(805)852-2063 fax
>>> "christian ALT (span)" <[EMAIL PROTECTED]> 5/18/99 6:41:03 AM >>>
We are currently evaluating solutions for reverse proxy. A reverse proxy is a public
access to an internal web server through a proxy server. The requests are directed from
Internet to the proxy and then redirected to an internal web server. We agree that
this solution is not the most secure.
It was difficult to find information about this structure. We have seen some postings
about solutions using
- Netscape proxy
- Squid
- Apache
- MS-proxy
But my impressions are that some points such as performance and security are still an
issue. We would be glad if some people would like to share their experience regarding
performance and viability of such solutions.
TIA for any help
ChA
________________________________________________________________
Christian ALT go to security alert:
http://www.tla.ch/alert
Telecom and Logistics Associates
10, rue des Savoises CH-1205 Geneva
Phone +41 22 328 14 88 E-mail: [EMAIL PROTECTED] http://www.tla.ch
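
The refresh behaviour reported in the reply at the top of this thread (a change that keeps the file size is not picked up) is what a size-only freshness check produces. The following is an added example, not code from the thread or from Novell: a toy cache in Python where `ReverseProxyCache`, both validators and the sample pages are hypothetical, the size-only rule is an assumption inferred from that report, and a SHA-256 content digest is shown as the comparison that catches same-size changes.

```python
import hashlib

# Constructed sample pages: the first two have identical length.
ORIGINAL = b"<h1>Office hours: 8-5</h1>"
SAME_SIZE_EDIT = b"<h1>Office hours: 9-6</h1>"
LONGER_EDIT = b"<h1>Office hours: 8-5, Mon-Fri</h1>"

def size_validator(body):
    """Assumed rule: two copies match if their lengths match."""
    return len(body)

def digest_validator(body):
    """Two copies match only if their SHA-256 digests match."""
    return hashlib.sha256(body).hexdigest()

class ReverseProxyCache:
    """Toy cache that re-pulls from the origin when the validators differ."""
    def __init__(self, origin, validator):
        self.origin = origin        # dict path -> bytes, stands in for the internal server
        self.validator = validator
        self.store = {}             # the proxy's cached copies

    def get(self, path):
        origin_tag = self.validator(self.origin[path])   # stands in for a metadata request
        cached = self.store.get(path)
        if cached is None or self.validator(cached) != origin_tag:
            cached = self.store[path] = self.origin[path]  # overwrite with the original
        return cached

def serves_stale(validator, origin_change=None, cache_change=None):
    """Warm the cache, apply one change, report whether a client gets non-origin content."""
    origin = {"/index.html": ORIGINAL}
    proxy = ReverseProxyCache(origin, validator)
    proxy.get("/index.html")
    if origin_change is not None:
        origin["/index.html"] = origin_change      # legitimate site update
    if cache_change is not None:
        proxy.store["/index.html"] = cache_change  # cached copy altered on the proxy
    return proxy.get("/index.html") != origin["/index.html"]

if __name__ == "__main__":
    for name, v in (("size", size_validator), ("sha256", digest_validator)):
        print(name, "origin same-size edit stale:", serves_stale(v, origin_change=SAME_SIZE_EDIT))
        print(name, "cache same-size alteration served:", serves_stale(v, cache_change=SAME_SIZE_EDIT))
```

With the size rule, a same-size alteration of the cached copy keeps being served as well, so a size match alone does not show that the proxy's copy still equals the original.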