Security Basics mailing list archives
Re: A Good Reverse Proxy Product
From: David Glosser <david_glosser () yahoo com>
Date: Fri, 2 May 2008 08:42:26 -0700 (PDT)
How about an SSL VPN device... Aventail, Juniper, or even ISA server, etc.? Still place the OWA box in the DMZ, but don't allow direct access to it, only through the VPN... Also should consider an IDS/IPS or web application firewall in addition to this. ----- Original Message ----
From: Aiko Barz <aiko () deepco de> To: Paul Guibord <pguibord () thenailcogroup com> Cc: security-basics () securityfocus com Sent: Friday, May 2, 2008 8:11:16 AM Subject: Re: A Good Reverse Proxy Product On Wed, Apr 30, 2008 at 02:43:22PM -0400, Paul Guibord wrote:Greetings to all, We have a new MS Exchange server and the administrator wants to provide remoteOutlook Web Access access to it from the internet.As opposed to having a direct outside to inside translation to it I was toldthat we could put a reverse proxy server in the DMZ and then provide a DMZ to inside translation form there.First of all does this sound like the safest approach and if so can anyoneprovide the name of a good stable/secure reverse proxy product. Hi, I used Apache and Squid as a Reverse Proxy for OWA and RPC over HTTPs. Just a warning: You cannot use Apache as a Reverse Proxy for RPC over HTTPs anymore, because current versions are more strict and M$ is lying abount the HTTP "Content-Length": Outlook says, that the request has the content-length of 1GB. The Apache is waiting for the whole request: Dead lock. Outlook never intended to really send 1GB... https://issues.apache.org/bugzilla/show_bug.cgi?id=40029 If you want to use RPC over HTTPs with squid and Debian Stable, you need to know, that the default package is not build with SSL support. You need to get the Debian Source package and enable SSL support. (Just one line.) So long, Aiko -- :wq ✉
Current thread:
- Re: A Good Reverse Proxy Product Jon Kibler (May 01)
- Re: A Good Reverse Proxy Product Adriel Desautels (May 01)
- <Possible follow-ups>
- RE: A Good Reverse Proxy Product Dan Lynch (May 01)
- Re: A Good Reverse Proxy Product Aaron Howell (May 02)
- Re: A Good Reverse Proxy Product Adriel Desautels (May 05)
- Re: A Good Reverse Proxy Product Aaron Howell (May 02)
- Re: A Good Reverse Proxy Product Aiko Barz (May 02)
- Re: A Good Reverse Proxy Product David Glosser (May 05)