



Proxy Based Firewall


Classification Key: Exterior Security, Information Disclosure

Problem

A Packet Filter Firewall inspects only the network addresses when deciding whether to allow a request, so all we can do with it is block sites that are already believed to be malicious. It is hard to know about all of those sites, and we need further defense mechanisms. Also, how do we protect our network from potential attacks that might be embedded within the data segment of the packets?

Solution

Make the client interact only with a proxy of the service requested, which in turn communicates with the protected service. The client can only receive service from the server if an application proxy exists for the requested service. Each application proxy has its own access rules pre-defined by the administrator that may be used to authenticate, inspect, change, and filter the incoming (or outgoing) messages.
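The following sketch is an added illustration of this solution, not code from the pattern catalog or from any firewall product. The class names, the user set, the deny patterns and the `X-Internal-` header convention are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Backend = Callable[[str], str]  # stands in for the protected service

@dataclass
class AppProxy:
    """One proxy per service, carrying the administrator's rules for it."""
    service: str
    allowed_users: Set[str]          # authenticate
    deny_patterns: List[str]         # inspect / filter the data segment
    rewrite: Callable[[str], str]    # change the message before forwarding

    def handle(self, user: str, body: str, backend: Backend) -> str:
        if user not in self.allowed_users:
            return "DENY auth"
        if any(re.search(p, body, re.IGNORECASE) for p in self.deny_patterns):
            return "DENY content"
        # Only the proxy ever talks to the protected service.
        return "ALLOW " + backend(self.rewrite(body))

class ProxyFirewall:
    def __init__(self) -> None:
        self._routes: Dict[str, Tuple[AppProxy, Backend]] = {}

    def register(self, proxy: AppProxy, backend: Backend) -> None:
        self._routes[proxy.service] = (proxy, backend)

    def request(self, service: str, user: str, body: str) -> str:
        # Default deny: no proxy for the service means no path to the server.
        if service not in self._routes:
            return "DENY no-proxy"
        proxy, backend = self._routes[service]
        return proxy.handle(user, body, backend)

def strip_internal_headers(body: str) -> str:
    # Drop client-supplied lines that claim to be internal headers (assumed convention).
    return "\n".join(l for l in body.splitlines()
                     if not l.lower().startswith("x-internal-"))

def build_demo() -> ProxyFirewall:
    # Constructed sample policy: one HTTP proxy, one permitted user.
    fw = ProxyFirewall()
    web = AppProxy("http", {"alice"}, [r"<script\b", r"\.\./"], strip_internal_headers)
    fw.register(web, backend=lambda body: f"served {len(body.splitlines())} line(s)")
    return fw

if __name__ == "__main__":
    fw = build_demo()
    print(fw.request("http", "alice", "GET /index.html\nX-Internal-Host: db01"))
    print(fw.request("telnet", "alice", "hello"))
```
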

Known Uses

Some specific firewall products that use application proxies are Pipex Security Firewalls and InterGate Firewall. The SOCKS protocol from the IETF, although not intended as a firewall, uses a similar principle.

Related Patterns

Packet Filter Firewall, Stateful Firewall

Source

Wiley Book

Tags

Firewall, Filtering, Access Control


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz