
Reverse Proxy Server

Local Government Webmasters Meeting
March 22, 2007 - Seattle, Washington
Prepared by: Steven Niedermeyer, Web Systems Analyst, City of Bellingham

Overview

- What is a reverse proxy server?
- Business case highlights
- Examples of available solutions
- Considerations when implementing
- Additional resources

What is a reverse proxy server (RPS)?


Wikipedia defines a reverse proxy as:
A proxy server that is installed within the neighborhood of one or more servers. Typically utilized in front of webservers. All connections coming from the Internet addressed to one of the webservers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to [another] webserver.

Example Reverse Proxy Network Diagram

[Diagram labels: Internet Browser; Internet; External Firewall; Demilitarized Zone (DMZ); Reverse Proxy Server (www.agency.org) (https://www.agency.org); Internal Firewall; Web Application (www.agency.org/permit); Web Application (www.agency.org/video); Web Application (https://www.agency.org/payment)]

Business Case Highlights

- Benefits of a reverse proxy server
- Cost of implementation
- Potential risks of implementation
- Potential risks if not implemented

Benefits of an RPS

- Increased security
- Single SSL certificate
- Caching and compression
- Central access logs for reporting

Increased Security
A reverse proxy may be used to prevent Internet clients from having direct access to less secure web servers or applications located on isolated networks or intranets.

[Diagram labels: Internet Browser; Internet; External Firewall; Demilitarized Zone (DMZ); Hardened Modern Webserver; Internal Firewall; Unsecured Old Webserver (IIS 4.0); Unsecured or Unstable Web Application]

Single SSL certificate


A reverse proxy server may act as a single point for all secure connections. You only need to buy one SSL certificate.

[Diagram labels: Internet Browser; Internet; External Firewall; Demilitarized Zone (DMZ); Reverse Proxy Server (https://www.agency.org); Internal Firewall; Permit Payments (https://www.agency.org/permits); Class Registrations (https://www.agency.org/class); Utility Payments (https://www.agency.org/utilities)]

Caching and Compression


A reverse proxy can:

- Offload other webservers by caching static content, such as images.
- Compress content before delivering it to site visitors to optimize load times.

Central access logs


A reverse proxy server allows for:

- Centralized logging of web traffic
- Single format for access logs
- Simplified reporting and tracking of performance measures

[Diagram labels: Central Location: www.agency.org (single format access log). Multiple Locations: video.agency.org (Windows Media log format); class.agency.org (IIS format access log); www.agency.org (NCSA format access log)]

Cost of Implementation
The purchase price of a reverse proxy server solution ranges from free to tens of thousands of dollars or more, depending on the needs of the agency.

Staff time must be invested in implementation, training, and establishing policies to govern the management of this key component of an agency's web presence.

The City of Bellingham implemented a solution for just over $11,000 ($9,000 server, $1,500 backup license and FTP software, $1,000 consulting to enable a web application to work with the reverse proxy server).

Potential Risks of Implementation


Implementing a reverse proxy server:

- Creates a single point of failure for all of your webservers unless you include load balancing in your solution
- May require existing web applications to be modified in order to work correctly

Potential Risks If Not Implemented


Not implementing a reverse proxy server:

- May increase your risk of a security breach
- May increase your operating costs for SSL certificates

Examples of Available Solutions


Solutions vary widely but the following are a couple of examples:

- Basic solution: Apache HTTP + Linux/Windows Server 2003
- Advanced solution: Microsoft Internet Security Application Server (ISA)
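
A sketch of the basic Apache HTTP solution, added here as an example and not taken from the presentation: one virtual host holds the single certificate for www.agency.org, publishes the three applications from the single-certificate slide, and writes one access log. The backend hostnames, file paths, log name and the /class/images cache path are assumptions.

```apache
# Added example (Apache 2.4). Backend names, paths and the cached URL are assumptions.
# Modules needed: mod_ssl, mod_proxy, mod_proxy_http, mod_deflate,
#                 mod_cache, mod_cache_disk.

# Reverse proxy only: never relay arbitrary outbound requests for clients.
ProxyRequests Off

# One access-log format for every application behind the proxy.
# %D adds the time taken to serve the request, in microseconds.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" rps_access

<VirtualHost *:443>
    ServerName www.agency.org

    # The single SSL certificate: TLS ends here, not on each backend.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.agency.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.agency.org.key

    # Central access log for all published applications.
    CustomLog logs/www.agency.org-access.log rps_access

    # Only these paths reach the internal network; any other URL is
    # answered by the proxy itself and never forwarded.
    # In this sketch the hop behind the internal firewall is plain HTTP.
    ProxyPass        /permits   http://permits.internal.example/permits
    ProxyPassReverse /permits   http://permits.internal.example/permits

    ProxyPass        /class     http://class.internal.example/class
    ProxyPassReverse /class     http://class.internal.example/class

    ProxyPass        /utilities http://utilities.internal.example/utilities
    ProxyPassReverse /utilities http://utilities.internal.example/utilities

    # ProxyPassReverse rewrites redirect headers from the backends, but not
    # absolute links inside page bodies; applications that emit their
    # internal hostname in HTML still need to be modified.

    # Compress text responses before they leave the proxy.
    AddOutputFilterByType DEFLATE text/html text/css application/javascript

    # Cache static images on the proxy to offload the backend.
    CacheRoot   /var/cache/apache2/rps
    CacheEnable disk /class/images
</VirtualHost>
```

Backend access logs will show the proxy's address as the client, so the central log above becomes the authoritative record of visitor requests.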

Considerations When Implementing

- Set up a test environment
- Provision a backup server with the same configuration as your primary reverse proxy server
- Keep detailed documentation as reverse proxy servers may require extensive configuration

Additional Resources
Product Examples

- Apache Software Foundation: http://httpd.apache.org/
- Microsoft: http://www.microsoft.com/isaserver/default.mspx

General concepts

- Wikipedia: http://en.wikipedia.org/wiki/Reverse_proxy
