Re: reverse proxy best solution?

From: Nick Urbanik <nicku@dont-contact.us>
Date: Tue, 20 Jul 1999 10:49:40 +0800

Merton Campbell Crockett wrote:

> NU} seems this exposes our data server to some risks. I've grepped all
> NU} Squid's documentation for "reverse" and came up with nothing helpful.
> NU}
> NU} Any pointers to any ideas would be most appreciated.
>
> I use Apache running on a BSD/OS 4.0.1 system to proxy all web content on
> Microsoft IIS systems behind a firewall. My requirements were undoubtedly
> different as a secure communication (encrypted) path was only required
> when traversing a public network. Also, i am required to authenticate all
> external users before granting access.
>
> Apache configured as a reverse proxy provides access to web servers (IIS,
> Netscape, Apache, CERN, etc.) on the LAN behind the firewall. Squid
> provides the "Web Client" side of the equation, allowing users on the LAN
> to access Web sites on the Internet.

Please note that the College already provides proxies for internal users to
access web sites on the Internet. We just want to provide secure access to our
web server to external users (and also to provide access to the web server to
internal users also). The web server uses authentication to limit access to
particular programs and apache Perl modules that access the data server. Much
of the data is encrypted with SSL too. I guess that excludes http_gw.

So you would say that Squid is unsuitable as a reverse proxy and that I should
use Apache instead?

--
Nick Urbanik, Dept. of Electrical & Communications Engineering
Hong Kong Institute of Vocational Education (Tsing Yi)
email: nicku@vtc.edu.hk, nicku@iohk.com
Tel:   (852) 2436 8660, (825) 2436 8674   Fax: (852) 2436 8643
Received on Mon Jul 19 1999 - 20:24:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:28 MST