What are your thoughts on using a reverse proxy for security?
I have a web server that needs to chat with a bunch of different services on 3 different servers on the inside but only needs port 443 from the outside. Currently it is in the DMZ with a complex set of ACLs. A reverse proxy would simplify my firewall config and I'd only be punching one hole between the DMZ and a single server on the inside. This adds an additional point of failure and some additional complexity for troubleshooting the web application. Would you consider this a fair trade-off for the additional security? I would be using IIS to do the RP.