On 5/15/2021 10:21 AM, Jason Long wrote:
Hello,
Is proxy to proxy improving the security? For example:
The Internet --> Reverse Proxy Server --> Reverse Proxy Server --> Web Site
It really depends on what functions your proxies are performing. For
example, are the reverse proxies simply load balancers or do they also
serve as a WAF (Web Application Firewall)? A combination of both
services on the same reverse proxy is a common implementation often
offered commercially. Weeding out malicious requests falls on on the
reverse proxy WAF while the backend web servers are free to spend their
resources on legitimate requests.
I think part of the answer is for security don't completely rely on your
reverse proxy to keep out all malicious activity. It should do a good
job. None the less you still want your backend free of vulnerabilities
like XSS and SQLi.
I think you'd have to define more of the purpose of multiple reverse
proxies.
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org