On Saturday 15 May 2021 at 16:21:56, Jason Long wrote:
> Hello,
> Is proxy to proxy improving the security? For example:
>
> The Internet --> Reverse Proxy Server --> Reverse Proxy Server --> Web Site
I would say that if the two reverse proxies, and the web server, are all
running different software, then this arrangement makes you less susceptible to
any vulnerabilities in any of them which otherwise might be exploited.
The weakest part of the system, of course, is the proxy exposed to the
Internet. If that can be compromised then it might be persuaded to send a
perfectly legitimate (but undesirable) request through to the second proxy,
etc.
If the two proxies are running the same software, though (for example Apache),
then you might as well just put all your effort into securing the first one.
After all, suppose you know how to secure a reverse proxy to level X (whatever
that means). You would be mad then to place another identical proxy behind it
secured to a lower level than X, and if you can secure that second proxy to a
higher level than X (call it X+), then you should just implement level X+ on
the first one to begin with.
Regards,
Antony.
--
In the Beginning there was nothing, which exploded.
- Terry Pratchett
Please reply to the list;
please *don't* CC me.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|