Some more info on Rproxy's http://www.ists.dartmouth.edu/IRIA/projects/jeanne.htm http://developer.netscape.com/docs/manuals/proxy/adminux/revpxy.htm http://home.ie.cuhk.edu.hk/~msng0/twhttpd/ http://www.monkeys.com/security/proxies/
cheers Ivan >>> "David Cullen" <[EMAIL PROTECTED]> 05/23/02 07:06am >>> Hi Joe, 1)This article discusses the pros and cons of Reverse Proxy. Uses an Apache Server for implementation purposes. The article may give you a few ideas: A Reverse Proxy Is A Proxy By Any Other Name http://rr.sans.org/web/reverse_proxy.php 2)Book: Web Proxy Servers, Ari Luotonen. ISBN: 0136806120 3)Vendor: CacheFlow. http://www.cacheflow.com/support/config/reverse/index.cfm Regards, David [EMAIL PROTECTED] -----Original Message----- From: Joe McCray [mailto:[EMAIL PROTECTED]] Sent: May 21, 2002 9:46 AM To: [EMAIL PROTECTED] Subject: Penetrating a reverse proxy Having never dealt with attacking a reverse proxy, and just now reading about the benefits of Reverse Proxy, and Secure Reverse Proxy at: http://developer.netscape.com/docs/manuals/proxy/adminux/revpxy.htm Does anyone know of any good websites, books, or other material that may be relevant for attempting to penetrate a database server that is behind a Reverse Proxy. This concept of the reverse proxy being able to: Quote from the above website link- If the content server returns an error message, the proxy server can intercept the message and change any URLs listed in the headers before sending the message to the client. This prevents external clients from getting redirection URLs to the internal content server. I haven't been asked to attempt to penetrate the web proxy, but the potential is there that I may be asked to attempt it in the future. I'd like to know where I can do some reading on the subject. Joe McCray CCNA, Windows 2000 MCSE www.hardestworkingmanonline.com ________________________________________________________________ Sent via hardestworkingmanonline.com *************************************************************************** Messages included in this e-mail and any of its attachments are those of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times. This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified. This e-mail has been scanned by Sophos for known viruses. However, no warranty nor liability is implied in this respect. **********************************************************************
