  1. #1

    FN-GM's Avatar

    Reverse Proxy

    Hi,

    In the days where Public IPs are scarce and you have to jump through hoops to get them, I was wondering if anyone is using a reverse proxy to get around this issue? What did you use and what was your experience like please?

    Thanks

  2. #2
    MattRVBC's Avatar
    I did investigate this briefly a few months ago and decided against it in the end. The main reason being the fact that this would be a public facing proxy which would be potentially accessible to anyone on the internet therefore wide open to potential attack and exploit.

  3. Thanks to MattRVBC from:

    FN-GM (24th July 2014)

  4. #3

    dhicks's Avatar
    Quote Originally Posted by FN-GM View Post
    In the days where Public IPs are scarce and you have to jump through hoops to get them, I was wondering if anyone is using a reverse proxy to get around this issue?
    I think I'd decided on Pound in the end:

    Apsis Gmbh

    Handily, it can act as an HTTPS frontend to an HTTP-only service, so you can force something to use HTTPS even if it doesn't have built-in support.

  5. Thanks to dhicks from:

    FN-GM (24th July 2014)

  6. #4

    FN-GM's Avatar
    Quote Originally Posted by MattRVBC View Post
    I did investigate this briefly a few months ago and decided against it in the end. The main reason being the fact that this would be a public facing proxy which would be potentially accessible to anyone on the internet therefore wide open to potential attack and exploit.
    You can lock it down with firewall rules though. For example make it so it can only access updates on the internet.

  7. #5
    lmgtfy's Avatar
    Just set up our Smoothwall box the other day to do this. It was really easy, you just turn it on, give the external address and then the internal IP and it just worked.

    Brilliant if you have Smoothwall already.

  8. #6

    FN-GM's Avatar
    We have a Smoothwall but our DMZ is on the wrong side of it.

    We have 2 firewalls and our DMZ is between the 2. The Smoothwall being the inner firewall.

  9. #7

    dhicks's Avatar
    Quote Originally Posted by dhicks View Post
    Handily, it can act as an HTTPS frontend to an HTTP-only service, so you can force something to use HTTPS even if it doesn't have built-in support.
    Just configuring this now. It's worth pointing out that all communication between Pound and the services it is proxying (i.e. your current web servers) is via HTTP, not HTTPS. That should, of course, be over your internal network, and if you are putting all traffic to your web servers through the proxy server anyway, even internal traffic, you can firewall / VLAN off your webservers so that they only respond to the proxy server and keep that HTTP traffic securely away from any other traffic, but it's something to consider.

  10. #8
    ADMaster's Avatar
    Do you have a dedicated IP for web access already?
    My webserver runs on apache so I’m using the apache proxy modules.

    We do have an external ip dedicated to our website that forwards to an apache server. From there I can serve the main webpage, or reverse proxy to other internal web services.
    I have entries such as /hap and /moodle that will reverse proxy those sites through the single address.
    I’ve found some things just don’t work well with a proxy though. What web services are you trying to reverse proxy?
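
The setup discussed in posts #7 and #8 (one public address, HTTPS terminated at the proxy, plain HTTP to internal services selected by path), as an added Apache 2.4 configuration sketch that is not part of any poster's message. The hostname, internal addresses and certificate paths are constructed placeholders; the /hap and /moodle paths are the ones named in post #8.

```apache
# Added example, not from the thread. www.school.example, the 10.0.20.x
# addresses and the certificate paths are constructed placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.

<VirtualHost *:80>
    ServerName www.school.example
    # Send plain-HTTP visitors to the HTTPS front end
    Redirect permanent / https://www.school.example/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.school.example
    DocumentRoot /var/www/html

    # TLS is terminated here, on the single public address
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.school.example.pem
    SSLCertificateKeyFile /etc/ssl/private/www.school.example.key

    # Reverse proxy only: with ProxyRequests Off the server will not act
    # as a forward proxy for arbitrary URLs requested from the internet
    ProxyRequests Off

    # Let the backends know the original request arrived over HTTPS
    RequestHeader set X-Forwarded-Proto "https"

    # Path-based mapping to internal services. These hops are plain HTTP,
    # so the backends should accept port 80 only from this proxy's
    # internal address (firewall or VLAN), as described in post #7.
    ProxyPass        /moodle http://10.0.20.11/moodle
    ProxyPassReverse /moodle http://10.0.20.11/moodle
    ProxyPass        /hap    http://10.0.20.12/hap
    ProxyPassReverse /hap    http://10.0.20.12/hap
</VirtualHost>
```

Only the listed paths are reachable from outside; anything not matched by a ProxyPass line is served from the local DocumentRoot and never forwarded to an internal host.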

  11. #9

    Theblacksheep's Avatar
    Use UAG. It does the job and some more but has its limitations. Not going to be replaced tho.

    Server 2012 R2 Web Application Proxy is the replacement.

  12. #10

    m25man's Avatar
    Sonicwall SRA series, set it and forget it.

  13. #11

    FN-GM's Avatar
    Quote Originally Posted by m25man View Post
    Sonicwall SRA series, set it and forget it.
    I thought the SRA series are VPN appliances?

  14. #12

    m25man's Avatar
    Quote Originally Posted by FN-GM View Post
    I thought the SRA series are VPN appliances?
    SSL VPN is just one of their functions.
    The latest OS has an HTML5 RDP client so you can log in to the SRA with two factor or AD login then get a predefined RDS session to a Windows box from an iPad!

    With WOL we pre-configure RDP sessions to specific PCs eliminating the need for RDS Servers and licensing so the Head can go home and log in to their own school PC from any device over SSL.

    With Application offloading it's also possible to access different HTTPS apps over the one SSL connection using a single IP and port.

  15. #13

    FN-GM's Avatar
    Quote Originally Posted by m25man View Post
    SSL VPN is just one of their functions.
    The latest OS has an HTML5 RDP client so you can log in to the SRA with two factor or AD login then get a predefined RDS session to a Windows box from an iPad!

    With WOL we pre-configure RDP sessions to specific PCs eliminating the need for RDS Servers and licensing so the Head can go home and log in to their own school PC from any device over SSL.

    With Application offloading it's also possible to access different HTTPS apps over the one SSL connection using a single IP and port.
    I know that, we used to use them. But that kind of stuff requires a login. The general public won't be able to access that stuff.
