Reverse proxy

Reverse proxyΒΆ

To minimize risks of Web server exploitation, use a pool of reverse proxies in DMZ to isolate services inside of the cloud that may be vulnerable to attacks when directly accessed from the Internet.

To set up a reverse proxy:

  1. Install the latest vanilla Linux distribution (Ubuntu) with all security patches installed.

  2. Install a minimal set of packages.

    Note

    Only web server components must be provided with the latest security updates. No cloud services should be exposed in DMZ.

  3. Install Nginx as a lightweight reverse proxy server with a support of encryption and caching.

You can also use a reverse proxy as:

  • a load balancer

  • a web accelerator to accelerate encryption for TLS connections

  • a security gateway to filter out malformed requests