|
What is Reverse Proxy?
There are three excellent reasons to switch to a Reverse Proxy Server right away:
- Protect all of the sensitive data on your servers;
- Have only one gateway to the outside world;
- Ease the load on your web server by allowing the reverse proxy server to distribute the requests.
Figure 1 below presents a simplified setup of a Reverse Proxy Server.
The function of a Reverse Proxy Server is to hide your real servers.
In Figure 1, we see that the main server can talk to the HTTP and
SMTP servers, but the Internet User cannot directly talk to these
systems.
How does it work?
The Reverse Proxy Server is setup to:
- Accept connections from any Internet Users;
- Connect and accept connections from your Intranet servers.
The Reverse Proxy Server adds an extra line of defense in the war to protect
your data. It will be directly accessible by anyone, including highly skilled
hackers. But as your data is kept on a separate server, behind another, more
complex firewall, it will be kept safe. The Reverse Proxy Server is versatile
since it usually accepts connections for many different services such as
HTTP, HTTPS, DNS, SMTP, FTP, SSH, NTP, etc.
Important Note: To avoid serious problems, the main server and its
protection should be kept up to date and be monitored continuously in order
to ensure that no hacker is gaining access. If you already have multiple Web
servers, a reverse proxy system can greatly reduce your monitoring needs,
since only that one computer can be used to access any other system.
Figure 1—Reverse Proxy Organization
Now, your HTTP, SMTP and other servers can be moved behind another firewall
and connection wise, they can be setup to only accept the bare minimum from
the main server: HTTP and HTTPS for a Web server, SMTP for a mail server,
and so on. Thus, these servers can manage sensitive content such as your
clients' credit card or social security numbers much more securely.
The Reverse Proxy Server answers Internet Users requests by forwarding them
to the proper back end servers (forward proxy for your Internet Users).
When a back end server replies, the Reverse Proxy Server transforms the
answer so it looks as if it generated that answer. The result is that this
entire process remains totally transparent to the outside world.
Our Solution
We will implement your Reverse Proxy Server for your current Web servers
using Linux and Apache. We can also take care of the hardware. Note that
your existing systems can remain the way they are. Our reverse proxy
server solution works well with MS Servers, Sun OS, Mac OS/X, IRIX, etc.
However, we cannot guarantee the quality of the firewalls on systems
other than Linux.
Linux comes with a powerful firewall which is easy to setup. Software
wise, it can also be setup with the bare minimum of what you need to
run just and only a Reverse Proxy Server for the services that you want
to offer your Internet Users.
Apache is not only a free Web server, it is also very secure. Breaches
get fixed within hours after being found and you can then update your
install. It also has had support for forward and reverse proxy for many
years and thus that server is a perfect match for a Reverse Proxy Server.
Links:
|
