RE: Reverse Proxy and Link Encoding

[Amit Klein <Amit.Klein () SanctumInc com>]

   Hi Amit

    > There's a slight difference in the implementation though. We do
   not change
    > the HTML pages so that links are pointing at AppShield. Rather,
   we let
    > AppShield (instead of the original web server) have the IP that
   is exposed
    > to the Internet, and then have AppShield forward the request to
   the web
    > server (which is not accessible from the Internet). Thus, the
   HTML pages are
    > not modified. In AppShield, we compare an incoming request to the
   links that
    > we extracted from the HTML pages, and if a match is found, we
   forward the
    > request.

   I think we both mean different applications. You seem to be talking
   about
   a reverse proxy that is typically put into a DMZ and lets people
   from the
   Internet (or other external networks) access web servers in a company's
   internal network by mapping their web space into the proxy's web space.

   I, on the other hand, was talking about a proxy that would be used
   to let
   people from an internal network access the Internet without having any
   client-provided information leaving to the Internet (and thereby
   ensuring
   that no hostile data like URL-based exploits threaten third parties'
   public web servers).

You're right - AppShield is a reverse proxy, and I assumed this was the 
subject of the thread (whose title is "Reverse Proxy and Link 
Encoding"). I think you're talking about forward proxy. In the past, 
Sanctum considered the idea you suggested (that is, to offer a flavour 
of AppShield as a forward proxy server, protecting external sites from 
hacking from the internal zone), but this is not currently offered in 
AppShield. I suppose if there's a considerable traction to this feature, 
that we will reconsider.

Thanks,
-Amit