Paul Cocker wrote:
Sorry if we're entering into "duh" territory here, but quite simply are there non-performance benefits to be gained from a reverse proxy configuration. I'm thinking in terms of security for the most part. Say, a squid reverse proxy sitting in the DMZ in a reverse proxy configuration for a website on the internal network.
As you say there is performance and load-relief. Then there are the things I'm using it for which Apache cannot do:
DMZ secure gatewaying to internal servers allows the them to securely server confidential information to fixed internal IPs and non-confidential info to a fixed (squid) IP.
Squid 3.1 (3-HEAD currently) is gatewaying IPv4 and IPv6 for clients and servers which cannot communicate otherwise.
It is also allowing me to securely provide monitored web browsing to a black-box public WiFi network which my firewall and router can only see as a single IP an MAC address doing a LOT of web access. No more anonymous overcharges due to P2P software!!
I see Apache can also do reverse proxy, which was surprising to me, or is it not quite the same thing?
It's their version. Though people have varying degrees of complaints about it. I have none, but that I don't tax it for very much beyond customer external WebHops.
The biggest issue with the apache proxy modules is that you need the whole apache to run them. Apache is not exactly light in its default packaging. While a running squid is not that much better it has less knobs to turn things off.
Amos -- Please use Squid 2.6STABLE17+ or 3.0STABLE1+ There are serious security advisories out on all earlier releases.
