



Protection Reverse Proxy


Classification Key: Perimeter Security, Tampering

Problem

A packet filter firewall provides protection at the network layer, but application layer vulnerabilities of a protocol can still be exploited. How can you protect your server infrastructure, given its potential vulnerability to attacks that use its application layer protocol?

Solution

Create a firewall combination of two packet filter firewalls with a reverse proxy in between. The reverse proxy sits in the demilitarized zone created between the two firewalls. The outer firewall allows access only to the HTTP port of the reverse proxy. The reverse proxy performs application layer checking and forwards only the valid packets to the inner firewall. The inner firewall accepts requests only from the reverse proxy, and it separates the server area from the demilitarized zone.
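
The three checkpoints described above, modelled as an added example (not part of the original catalog entry or the source book). The addresses, the port number and the specific validation rules in proxy_check are assumptions chosen for illustration; the pattern itself does not prescribe them.

```python
# Added illustration: models the pattern's three checkpoints; not a deployable firewall.
# Addresses, port number and validation rules are assumptions (constructed values).
import re
from urllib.parse import unquote

PROXY_IP = "192.0.2.10"      # reverse proxy in the DMZ
SERVER_IP = "198.51.100.20"  # protected server behind the inner firewall
HTTP_PORT = 80
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
SAFE_PATH = re.compile(r"/[A-Za-z0-9/_.-]*")
MAX_LINE = 2048


def outer_firewall(dst_ip, dst_port):
    """Packet filter: outside traffic may reach only the proxy's HTTP port."""
    return dst_ip == PROXY_IP and dst_port == HTTP_PORT


def proxy_check(request_line):
    """Application-layer check: method, version and decoded path must be valid."""
    parts = request_line.split(" ")
    if len(request_line) > MAX_LINE or len(parts) != 3:
        return False
    method, target, version = parts
    if method not in ALLOWED_METHODS or version not in ("HTTP/1.0", "HTTP/1.1"):
        return False
    path = unquote(target.split("?", 1)[0])  # decode once, then validate
    return bool(SAFE_PATH.fullmatch(path)) and ".." not in path.split("/")


def inner_firewall(src_ip, dst_ip, dst_port):
    """Packet filter: the server area accepts requests from the proxy only."""
    return src_ip == PROXY_IP and dst_ip == SERVER_IP and dst_port == HTTP_PORT


def route(dst_ip, dst_port, request_line):
    """Follow one outside request and report where it stops."""
    if not outer_firewall(dst_ip, dst_port):
        return "dropped at outer firewall"
    if not proxy_check(request_line):
        return "rejected by reverse proxy"
    if not inner_firewall(PROXY_IP, SERVER_IP, HTTP_PORT):
        return "dropped at inner firewall"
    return "delivered to server"
```

Calling inner_firewall with any DMZ source address other than the proxy's returns False, which is the separation the inner firewall adds if another host in the demilitarized zone is compromised.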

Known Uses

IBM’s Tivoli Access Manager.

Related Patterns

Single Access Point, Defense in Depth, Demilitarized Zone

Source

Wiley Book

Tags

Reverse Proxy, DMZ, Firewall


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz