Internet Related/Filtering/Firewall Thread, Reverse Proxy in Technical; Hi,
In the days where Public IP's are scarce and you have to jump through hoops to get them, I ...
16th July 2014, 08:39 AM #1
In the days where Public IP's are scarce and you have to jump through hoops to get them, I was wondering if anyone is using a reverse proxy to get around this issue? What did you use and what was your experience like please?
16th July 2014, 09:24 AM #2
I did investigate this briefly a few months ago and decided against it in the end. The main reason being the fact that this would be a public facing proxy which would be potentially accessible to anyone on the internet therefore wide open to potential attack and exploit.
16th July 2014, 10:07 AM #3
I think I'd decided on Pound in the end:
Originally Posted by FN-GM
Handily, it can act as an HTTPS frontend to an HTTP-only service, so you can force something to use HTTPS even if it doesn't have built-in support.
24th July 2014, 07:16 PM #4
You can lock it down with firewall rules though. For example make it so it can only access updates on the internet.
Originally Posted by MattRVBC
24th July 2014, 11:16 PM #5
Just setup our Smoothwall box the other day to do this. It was really easy, you just turn it on, give the external address and then the internal IP and it just worked.
Brilliant if you have Smootwall already
24th July 2014, 11:23 PM #6
We have a smoothwall but our DMZ is on the wrong side of it.
We have 2 firewalls and our DMZ is between the 2. The smoothwall being the inner firewall.
25th July 2014, 01:09 PM #7
Just configuring this now. It's worth pointing out that all communication between Pound and the services it is proxying (i.e. your current web servers) is via HTTP, not HTTPS. That should, of course, be over your internal network, and if you are putting all traffic to your web servers through the proxy server anyway, even internal traffic, you can firewall / VLAN off your webservers so that they only respond to the proxy server and keep theat HTTP traffic securly away from any other traffic, but it's something to consider.
Originally Posted by dhicks
25th July 2014, 02:29 PM #8
Do you have a dedicated IP for web access already?
My webserver runs on apache so I’m using the apache proxy modules.
We do have an external ip dedicated to our website that forwards to an apache server. From there I can serve the main webpage, or reverse proxy to other internal web services.
I have entries such as /hap and /moodle that will reverse proxy those sites through the single address.
I’ve found some things just don’t work well with a proxy though. What web services are you try to reverse proxy?
25th July 2014, 02:36 PM #9
Use UAG. It does the job and some more but has its limitations. Not going to be replaced tho.
Server 2012 R2 Web Application Proxy is the replacement.
25th July 2014, 09:12 PM #10
Sonicwall SRA series, set it and forget it.
25th July 2014, 10:16 PM #11
I thought the SRA series are VPN appliances?
Originally Posted by m25man
Last Post: 2nd November 2007, 09:58 AM
By Joedetic in forum Wireless Networks
Last Post: 6th August 2007, 11:56 AM
By wesleyw in forum How do you do....it?
Last Post: 11th June 2007, 01:49 PM
By maniac in forum Web Development
Last Post: 5th April 2007, 11:04 AM
By CyberNerd in forum Web Development
Last Post: 15th June 2006, 07:32 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)