![]() ![]() You can use multiple proxy servers within an organization to balance the network load among web servers. ![]() In addition to SSL, the proxy can use client authentication, which requires that a computer making a request to the proxy provides a certificate (or form of identification) to verify its identity. ![]() In this scenario, your proxy server can act like a secure channel between sites with the additional security of client authentication (see Figure 14-4).įigure 14-4 Secure client connection to proxy and secure proxy connection to content serverįor information on how to set up each of these configurations, see Setting up a Reverse Proxy. This scenario is effective if the information exchanged between the server, proxy and client needs to be secure. Secure client to proxy and secure proxy to content server.The unauthorized user can not get to the real content server because the firewall passage allows only the proxy server to have access.įigure 14-1 A reverse proxy appears to be the real content serve r In the unlikely event of a successful attack, the perpetrator is more likely to be restricted to only the information involved in a single transaction, as opposed to having access to the entire database. In this way, the proxy provides an additional barrier between the secure database and the possibility of malicious attack. This prevents external clients from getting redirection URLs to the internal content server. If the content server returns an error message, the proxy server can intercept the message and change any URLs listed in the headers before sending the message to the client. The proxy sends the retrieved information to the client, as if the proxy were the actual content server (see Figure 14-1). The content server passes the result through the passage back to the proxy. The proxy server then sends the client’s request through a specific passage in the firewall to the content server. When a client makes a request to your site, the request goes to the proxy server. The proxy server resides outside the firewall, and appears to the client to be the content server. The real content resides on your content server, safely inside the firewall. When outside clients try to access the content server, they are sent to the proxy server instead. If you have a content server that has sensitive information that must remain secure, such as a database of credit card numbers, you can set up a proxy outside the firewall as a stand–in for your content server. Both of these models differ from the conventional proxy usage in that they do not operate strictly on a firewall. One model takes advantage of Proxy Server’s security features to handle transactions, and the other makes use of its caching features to provide load balancing on a heavily used server. There are two models for reverse proxying. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |