Back to Security Pattern Catalog
Proxy Based Firewall
: Exterior Security, Information Disclosure
Packet Filter Firewall only inspects the network addresses when deciding whether to allow access for a request. We can only block supposedly malicious sites. It is hard to know about all of those sites, and we need further defense mechanisms. Also, how do we protect our network from potential attacks that might be embedded within the data segment of the packets?
Make the client interact only with a proxy of the service requested, which in turn communicates with the protected service. The client can only receive service from the server if an application proxy exists for the requested service. Each application proxy has its own access rules pre-defined by the administrator that may be used to authenticate, inspect, change, and filter the incoming (or outgoing) messages.
Some specific firewall products that use application proxies are Pipex Security Firewalls and InterGate Firewall. The SOCKS Protocol from IETF, although not intended as a firewall, uses a similar principle.
Packet Filter Firewall, Stateful Firewall
Firewall, Filtering, Access Control
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz