WebApp Sec mailing list archives

RE: Reverse Proxy and Link Encoding


From: Amit Klein <Amit.Klein () SanctumInc com>
Date: Thu, 05 Jun 2003 13:23:23 +0300

Hi Michael,

There are several commercial products that implement this concept - for
example, Sanctum (the company I work for) offers AppShield
(http://www.sanctuminc.com/solutions/appshield/index.html). We coded what
you described below into AppShield (we call this technology DPRE - Dynamic
Policy Recognition Engine). In order to provide more flexibility, we also
give the customer the ability to write "exception rules" which override
DPRE, thus allowing links that are not found in the HTML pages.

There's a slight difference in the implementation though. We do not change
the HTML pages so that links are pointing at AppShield. Rather, we let
AppShield (instead of the original web server) have the IP that is exposed
to the Internet, and then have AppShield forward the request to the web
server (which is not accessible from the Internet). Thus, the HTML pages are
not modified. In AppShield, we compare an incoming request to the links that
we extracted from the HTML pages, and if a match is found, we forward the
request.

If you're interested in more details, please do not hesitate to contact me.

Thanks,
-Amit

       Amit Klein

  Director  of  security
  and  audit   practices

       Sanctum, Ltd.

http://www.SanctumInc.Com/

Ampa Bldg.,  1 Sapir Street.
Mail:     P.O.Box      12047
Herzliya    46733,    ISRAEL

Tel: +972-9-9586077 Ext. 225
Fax: +972-9-9576337

Amit.Klein () SanctumInc Com
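
The request check described in the message above, sketched as an added example; it is not AppShield code and not part of the original post. The names `LinkPolicy`, `LinkExtractor` and `normalize`, the single shared allowlist (no per-session state), the regex form of the exception rules and the sample page are assumptions.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page as the back-end server might return it.
SAMPLE_PAGE = ('<a href="/catalog?id=7">item</a><form action="cart/add"></form>'
               '<a href="http://other.example/admin">partner</a>')

def normalize(url):
    """Reduce a URL to path + query, resolving '.' and '..' segments.
    Percent-encoded forms are not decoded here (simplification)."""
    parts = urlsplit(url)
    path = posixpath.normpath(parts.path or "/")
    return path + ("?" + parts.query if parts.query else "")

class LinkExtractor(HTMLParser):
    """Collects same-site link targets from one HTML response."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.links = page_url, set()
        self.site = urlsplit(page_url).netloc

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                absolute = urljoin(self.page_url, value)
                if urlsplit(absolute).netloc == self.site:  # skip off-site links
                    self.links.add(normalize(absolute))

class LinkPolicy:
    """Hypothetical allowlist learned from pages forwarded to the client."""
    def __init__(self, entry_points, exception_rules=()):
        self.allowed = {normalize(u) for u in entry_points}
        self.exceptions = [re.compile(p) for p in exception_rules]

    def learn(self, page_url, html):
        """Call on every HTML response passing back through the proxy."""
        extractor = LinkExtractor(page_url)
        extractor.feed(html)
        self.allowed |= extractor.links

    def permits(self, request_url):
        """Forward only URLs seen in a page or matched by an exception rule."""
        target = normalize(request_url)
        return target in self.allowed or any(
            rx.fullmatch(target) for rx in self.exceptions)

if __name__ == "__main__":
    policy = LinkPolicy(["/"], [r"/static/[\w.-]+"])
    policy.learn("http://shop.example/", SAMPLE_PAGE)
    for url in ("/catalog?id=7", "/catalog?id=8", "/static/../admin"):
        print(url, "->", "forward" if policy.permits(url) else "block")
```

Because the exception rules are matched against the normalized path, a request such as `/static/../admin` is evaluated as `/admin` and cannot ride in on the `/static/` rule.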