Made to Order Software Corporation Logo
Home

Increase Security with a Reverse Proxy Server

Mon, 05/22/2006 - 00:00 —

What is Reverse Proxy?

There are three excellent reasons to switch to a Reverse Proxy Server right away:

  1. Protect all of the sensitive data on your servers;
  2. Have only one gateway to the outside world;
  3. Ease the load on your web server by allowing the reverse proxy server to distribute the requests.

Figure 1 below presents a simplified setup of a Reverse Proxy Server.

The function of a Reverse Proxy Server is to hide your real servers. In Figure 1, we see that the main server can talk to the HTTP and SMTP servers, but the Internet User cannot directly talk to these systems.

How does it work?

The Reverse Proxy Server is setup to:

  1. Accept connections from any Internet Users;
  2. Connect and accept connections from your Intranet servers.

The Reverse Proxy Server adds an extra line of defense in the war to protect your data. It will be directly accessible by anyone, including highly skilled hackers. But as your data is kept on a separate server, behind another, more complex firewall, it will be kept safe. The Reverse Proxy Server is versatile since it usually accepts connections for many different services such as HTTP, HTTPS, DNS, SMTP, FTP, SSH, NTP, etc.

Important Note: To avoid serious problems, the main server and its protection should be kept up to date and be monitored continuously in order to ensure that no hacker is gaining access. If you already have multiple Web servers, a reverse proxy system can greatly reduce your monitoring needs, since only that one computer can be used to access any other system.

 

Reverse proxy sample.
Figure 1—Reverse Proxy Organization

 

Now, your HTTP, SMTP and other servers can be moved behind another firewall and connection wise, they can be setup to only accept the bare minimum from the main server: HTTP and HTTPS for a Web server, SMTP for a mail server, and so on. Thus, these servers can manage sensitive content such as your clients' credit card or social security numbers much more securely.

The Reverse Proxy Server answers Internet Users requests by forwarding them to the proper back end servers (forward proxy for your Internet Users). When a back end server replies, the Reverse Proxy Server transforms the answer so it looks as if it generated that answer. The result is that this entire process remains totally transparent to the outside world.

Our Solution

We will implement your Reverse Proxy Server for your current Web servers using Linux and Apache. We can also take care of the hardware. Note that your existing systems can remain the way they are. Our reverse proxy server solution works well with MS Servers, Sun OS, Mac OS/X, IRIX, etc. However, we cannot guarantee the quality of the firewalls on systems other than Linux.

Linux comes with a powerful firewall which is easy to setup. Software wise, it can also be setup with the bare minimum of what you need to run just and only a Reverse Proxy Server for the services that you want to offer your Internet Users.

Apache is not only a free Web server, it is also very secure. Breaches get fixed within hours after being found and you can then update your install. It also has had support for forward and reverse proxy for many years and thus that server is a perfect match for a Reverse Proxy Server.

Links:

Comments

Post new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.