Protection Reverse Proxy
: Perimeter Security, Tampering
A packet filter firewall provides protection at the network layer, but application layer vulnerabilities of a protocol can still be exploited.
How can you protect your server infrastructure in the light of its potential vulnerability to attacks using its application layer protocol?
Create a firewall combination of two packet filter firewalls with a reverse proxy in between. The reverse proxy creates a demilitarized zone between the firewalls. The outer firewall allows only HTTP port access to the reverse proxy. The reverse proxy performs application layer checking and forwards only the valid packets to the inner firewall. The inner firewall accepts requests only from the reverse proxy and separates the server area from the demilitarized zone.
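The three enforcement points described above can be modelled as follows. This is an added example, not part of the pattern catalog: the addresses (documentation ranges), the backend host, and the specific application-layer checks in `proxy_check` are assumptions chosen for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed addressing (assumptions; RFC 5737 documentation ranges).
PROXY = ipaddress.ip_address("192.0.2.10")          # reverse proxy in the DMZ
SERVERS = ipaddress.ip_network("198.51.100.0/24")   # protected server area
HTTP_PORT = 80

REQUEST_LINE = re.compile(r"(GET|HEAD|POST) (/[\x21-\x7e]*) HTTP/1\.[01]")
HEADER = re.compile(r"([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*([\t\x20-\x7e]*)")

def outer_firewall(dst, port):
    """Outer packet filter: admit only HTTP addressed to the reverse proxy."""
    return ipaddress.ip_address(dst) == PROXY and port == HTTP_PORT

def inner_firewall(src, dst, port):
    """Inner packet filter: admit only the reverse proxy into the server area."""
    return (ipaddress.ip_address(src) == PROXY
            and ipaddress.ip_address(dst) in SERVERS and port == HTTP_PORT)

def proxy_check(raw, max_head=8192):
    """Application-layer check (illustrative policy). Returns the path or None."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > max_head:
        return None                       # incomplete or oversized header block
    # Non-ASCII bytes become U+FFFD, which the patterns below refuse.
    lines = head.decode("ascii", "replace").split("\r\n")
    request = REQUEST_LINE.fullmatch(lines[0])
    headers = [HEADER.fullmatch(line) for line in lines[1:]]
    if not request or not all(headers):
        return None                       # bad method, syntax, or header line
    if sum(h.group(1).lower() == "host" for h in headers) != 1:
        return None                       # exactly one Host header required
    path = request.group(2)
    if ".." in unquote(path).replace("\\", "/").split("/"):
        return None                       # dot-segment traversal, encoded or not
    return path

def deliver(dst, port, raw, backend="198.51.100.20"):
    """Trace one client connection through all three enforcement points."""
    if not outer_firewall(dst, port):
        return "dropped by outer firewall"
    if proxy_check(raw) is None:
        return "rejected by reverse proxy"
    if not inner_firewall(str(PROXY), backend, HTTP_PORT):
        return "dropped by inner firewall"
    return "forwarded to " + backend
```

Each layer fails closed on its own: a request that is valid HTTP still never reaches a server unless it was addressed to the proxy, and a host other than the proxy cannot reach the server area even with a well-formed request.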
IBM’s Tivoli Access Manager.
Single Access Point, Defense in Depth, Demilitarized Zone
Reverse Proxy, DMZ, Firewall
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz