+ Post New Thread
Results 1 to 11 of 11
Internet Related/Filtering/Firewall Thread, Reverse Proxy in Technical; Hi, In the days where Public IP's are scarce and you have to jump through hoops to get them, I ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,844
    Thank Post
    876
    Thanked 1,680 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    444

    Reverse Proxy

    Hi,

    In the days where Public IP's are scarce and you have to jump through hoops to get them, I was wondering if anyone is using a reverse proxy to get around this issue? What did you use and what was your experience like please?

    Thanks

  2. #2
    MattRVBC's Avatar
    Join Date
    Jul 2011
    Location
    Lancashire
    Posts
    22
    Thank Post
    6
    Thanked 3 Times in 3 Posts
    Rep Power
    7
    I did investigate this briefly a few months ago and decided against it in the end. The main reason being the fact that this would be a public facing proxy which would be potentially accessible to anyone on the internet therefore wide open to potential attack and exploit.

  3. Thanks to MattRVBC from:

    FN-GM (24th July 2014)

  4. #3

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,622
    Thank Post
    1,240
    Thanked 777 Times in 674 Posts
    Rep Power
    235
    Quote Originally Posted by FN-GM View Post
    In the days where Public IP's are scarce and you have to jump through hoops to get them, I was wondering if anyone is using a reverse proxy to get around this issue?
    I think I'd decided on Pound in the end:

    Apsis Gmbh

    Handily, it can act as an HTTPS frontend to an HTTP-only service, so you can force something to use HTTPS even if it doesn't have built-in support.

  5. Thanks to dhicks from:

    FN-GM (24th July 2014)

  6. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,844
    Thank Post
    876
    Thanked 1,680 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by MattRVBC View Post
    I did investigate this briefly a few months ago and decided against it in the end. The main reason being the fact that this would be a public facing proxy which would be potentially accessible to anyone on the internet therefore wide open to potential attack and exploit.
    You can lock it down with firewall rules though. For example make it so it can only access updates on the internet.

  7. #5
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    257
    Thank Post
    41
    Thanked 26 Times in 22 Posts
    Rep Power
    43
    Just setup our Smoothwall box the other day to do this. It was really easy, you just turn it on, give the external address and then the internal IP and it just worked.

    Brilliant if you have Smootwall already

  8. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,844
    Thank Post
    876
    Thanked 1,680 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    444
    We have a smoothwall but our DMZ is on the wrong side of it.

    We have 2 firewalls and our DMZ is between the 2. The smoothwall being the inner firewall.

  9. #7

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,622
    Thank Post
    1,240
    Thanked 777 Times in 674 Posts
    Rep Power
    235
    Quote Originally Posted by dhicks View Post
    Handily, it can act as an HTTPS frontend to an HTTP-only service, so you can force something to use HTTPS even if it doesn't have built-in support.
    Just configuring this now. It's worth pointing out that all communication between Pound and the services it is proxying (i.e. your current web servers) is via HTTP, not HTTPS. That should, of course, be over your internal network, and if you are putting all traffic to your web servers through the proxy server anyway, even internal traffic, you can firewall / VLAN off your webservers so that they only respond to the proxy server and keep theat HTTP traffic securly away from any other traffic, but it's something to consider.

  10. #8
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    325
    Thank Post
    5
    Thanked 33 Times in 28 Posts
    Rep Power
    23
    Do you have a dedicated IP for web access already?
    My webserver runs on apache so I’m using the apache proxy modules.

    We do have an external ip dedicated to our website that forwards to an apache server. From there I can serve the main webpage, or reverse proxy to other internal web services.
    I have entries such as /hap and /moodle that will reverse proxy those sites through the single address.
    I’ve found some things just don’t work well with a proxy though. What web services are you try to reverse proxy?

  11. #9

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,934
    Thank Post
    138
    Thanked 290 Times in 210 Posts
    Rep Power
    193
    Use UAG. It does the job and some more but has its limitations. Not going to be replaced tho.

    Server 2012 R2 Web Application Proxy is the replacement.

  12. #10

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,622
    Thank Post
    49
    Thanked 451 Times in 334 Posts
    Rep Power
    137
    Sonicwall SRA series, set it and forget it.

  13. #11

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,844
    Thank Post
    876
    Thanked 1,680 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by m25man View Post
    Sonicwall SRA series, set it and forget it.
    I thought the SRA series are VPN appliances?

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 0
    Last Post: 2nd November 2007, 09:58 AM
  2. Reverse proxying SSH...
    By Joedetic in forum Wireless Networks
    Replies: 7
    Last Post: 6th August 2007, 11:56 AM
  3. Reverse Proxy and Moodle
    By wesleyw in forum How do you do....it?
    Replies: 3
    Last Post: 11th June 2007, 01:49 PM
  4. Reverse Proxying with Apache.
    By maniac in forum Web Development
    Replies: 7
    Last Post: 5th April 2007, 11:04 AM
  5. reverse proxy ajax apps
    By CyberNerd in forum Web Development
    Replies: 3
    Last Post: 15th June 2006, 07:32 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •