Re: Proxy servers or serve direct codebase

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

What if you have an apache acting as a gateway which is configured to only accepting html drop everything else from the Internet then forward only html to the backend server for processing on the private network,  would that not make the backend server less vulnerable than  if you hadn't  taken the precaution of adding the extra layer and an html filter  ?




On Sun, 16 Mar 2025, 12:35 Eric Covener, <covener@xxxxxxxxx> wrote:
On Sun, Mar 16, 2025 at 4:20 AM Zahid Rahman <zahidr1000@xxxxxxxxx> wrote:
>
> Let me rephrase my question then. Using Apache without the reverse proxy feature
> https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
>
> Does it leave your apache webserver vulnerable to attack  ?

No, enabling mod_proxy in a server doesn't make it any less
vulnerable.  What type of vulnerability could it possibly mitigate?

It is reasonable to say that putting any application behind any proxy
with anything resembling security or WAF-like features makes the
backend less vulnerable to attack (on the whole).   OTOH there are
vulnerabilities that only affect proxies or the desync between the
expectations of a proxy and the backends so this is not a total
slam-dunk either.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]
  Powered by Linux