As more and more attacks are carried out over the HTTP layer, there is a growing need to push the envelope and bring Web security to new levels. Most existing tools work at the TCP/IP level and fail to use the specifics of the HTTP protocol in their operation. The need for increased security has led to the creation of application gateways: tools that are essentially reverse proxies with the added capability of protocol analysis. Many commercial solutions are available. This article will demonstrate how you can build your own application gateway with little effort, using open source components that are widely available.

Our task is to protect one or more Web servers that reside on an internal network and provide services to outside clients. Internal clients, such as employees, are also considered to be outside clients for the purpose of this article. We are working under the assumption that you have at least two Web servers, a database server, and possibly other internal servers. The more servers there are, the more useful the reverse proxy concept becomes.

A proxy, by definition, is a device that stands between two entities participating in a conversation. What is normally called a proxy in everyday life is better described as a forward proxy: a device that stands between a client and all other servers. A reverse proxy does exactly the opposite: it stands between a server and all its clients. In a wider sense, one reverse proxy will be used for all internal Web servers.
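
To make the idea concrete, the following added example (not code from the original article) sketches the HTTP-level decision an application gateway makes before relaying a request to one of several internal servers, a decision that a tool working only at the TCP/IP level cannot make. The hostnames, backend addresses, limits and the `inspect_request` function are constructed assumptions.

```python
# Added illustration, not from the article: decision core of an application gateway.
# Hostnames, backend addresses and limits below are constructed assumptions.
from typing import NamedTuple, Optional

# One reverse proxy fronts every internal Web server (hypothetical map).
BACKENDS = {
    "www.example.com": ("10.0.0.10", 8080),
    "shop.example.com": ("10.0.0.11", 8080),
}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_URI_LEN, MAX_HEADERS = 2048, 50

class Decision(NamedTuple):
    status: int                # 200 = forward, anything else = reject
    backend: Optional[tuple]   # (ip, port) when forwarded
    reason: str

def inspect_request(raw: bytes) -> Decision:
    """Parse a raw HTTP/1.x request head and decide whether to forward it."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return Decision(400, None, "incomplete request head")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return Decision(400, None, "malformed request line")
    method, uri, _version = parts
    if method not in ALLOWED_METHODS:
        return Decision(405, None, "method not allowed")
    if len(uri) > MAX_URI_LEN or not uri.startswith("/") or "\x00" in uri:
        return Decision(400, None, "suspicious request URI")
    if len(lines) - 1 > MAX_HEADERS:
        return Decision(431, None, "too many headers")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return Decision(400, None, "malformed header line")
        key = name.lower()
        if key in ("host", "content-length") and key in headers:
            return Decision(400, None, "duplicate " + key + " header")
        headers[key] = value.strip()
    if "content-length" in headers and "transfer-encoding" in headers:
        return Decision(400, None, "ambiguous message framing")
    host = headers.get("host", "").split(":")[0].lower()  # drop optional port
    if host not in BACKENDS:
        return Decision(404, None, "unknown virtual host")
    return Decision(200, BACKENDS[host], "forward")
```

Only requests that return status 200 would be relayed to the chosen backend; every other decision is answered by the gateway itself, so the internal servers never see the rejected request.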

The link for this article located at SecurityFocus is no longer available.