On 5/15/2021 10:21 AM, Jason Long wrote:
Hello,
Is proxy to proxy improving the security? For example:

The Internet --> Reverse Proxy Server --> Reverse Proxy Server --> Web Site


It really depends on what functions your proxies are performing. For example, are the reverse proxies simply load balancers or do they also serve as a WAF (Web Application Firewall)? A combination of both services on the same reverse proxy is a common implementation often offered commercially. Weeding out malicious requests falls on on the reverse proxy WAF while the backend web servers are free to spend their resources on legitimate requests.

I think part of the answer is for security don't completely rely on your reverse proxy to keep  out all malicious activity. It should do a good job. None the less you still want your backend free of vulnerabilities like XSS and SQLi.

I think you'd have to define more of the purpose of multiple reverse proxies.

Jim



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to