Presentation is loading. Please wait.

Presentation is loading. Please wait.

Daniel “3ICE” Berezvai Reverse Proxy Presentation by:

Published byLindsay Gallagher Modified over 6 years ago

Similar presentations

Presentation on theme: "Daniel “3ICE” Berezvai Reverse Proxy Presentation by:"— Presentation transcript:

1 Daniel “3ICE” Berezvai Reverse Proxy Presentation by:
With thanks to nginx.com, nginx.org, digitalocean.com, stackoverflow.com, serverfault.com, and wikipedia.org. Reverse Proxy

2 A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate back-end server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

3 Common uses for a reverse proxy server include
Load balancing Web acceleration Security and anonymity

4 Load balancing A reverse proxy server can act as a "traffic cop," sitting in front of your back-end servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no one server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.

5 Web acceleration Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.

6 Security and anonymity
By intercepting requests headed for your back-end servers, a reverse proxy server protects their identities and acts as an additional defense against security- threatening attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your LAN (local area network).

7 NGINX Plus and NGINX are the best-in-class reverse-proxy solutions used by high-traffic websites such as Dropbox, Netflix, Facebook, and Zynga. More than 130 million websites worldwide and over 40% of the world’s 10,000 busiest websites use NGINX Plus and NGINX to deliver content quickly and reliably. (This is a marketing statement; quite clever, but transparent to the experienced eye. Obviously most people use the free, open source NGINX.)

8 As a software-based reverse proxy,
not only is NGINX Plus less expensive than hardware-based solutions with similar capabilities, it can be deployed in the public cloud as well as in private data centers, whereas cloud infrastructure vendors generally do not allow customer or proprietary hardware reverse proxies in their data centers. (Nothing beats free, open source nginx, of course.)

9 Normal proxy vs Reverse proxy
What is a Proxy? Someone or something acting on behalf of someone else. In this case; A proxy server is acting on the behalf of another computer. It has two types: Normal proxy Reverse proxy

10 Normal proxy

11 Normal proxy You (client) ↓
Proxy (SOCKS, TODO what's the other one, etc.) Website (TheGreatChineseFirewall.com) Forward Proxy: Acting on behalf of a normal user (service consumer)

12 Reasons why you would want to use a normal proxy server:

13 You are unable to access a (possibly) virus infected website or domain, due to your system administrator (or Google) blocking it. (Usually a false positive, very annoying.)

14 Your employer has blocked facebook. com from the corporate network
Your employer has blocked facebook.com from the corporate network. Because a lot of lazy people are checking facebook at work. Constantly.

15 You are a student at an elementary school and are trying to look at porn in the library. Adult content is blocked by a filter.

16 The dictatorship / government in your country is unable to control the publishing of news, so it blocks access to news websites. Or wikipedia.

17 You are attempting to hack target
You are attempting to hack target.com whose administrator has blocked you due to suspicious activity.

18 You are spamming forum.com and the administrator there has decided to temporarily ban your IP address and/or whole netrange.

19 Reverse proxy

20 Client → Reverse proxy → Server
You (client) → Reverse proxy (nginx, masquerading as example.com) One of their backend servers (host19.example.com) Reverse Proxy: Acting on behalf of a service provider or content producer.

21 A common use case: It is often beneficial for administrators to route traffic through a gateway to several available mirrors. Direct access to a mirror is forbidden.

22 What's different this time compared to a normal "forward" proxy
The user is unaware of it happening. The user thinks he is communicating with example.com directly. Nowhere is it mentioned that all communication traffic is actually forwarded to host19. The mirrors are invisible to client, only the reverse proxy is visible externally.

Download ppt "Daniel “3ICE” Berezvai Reverse Proxy Presentation by:"

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
By Vikas Debnath KV IT-Solutions Pvt. Ltd.

By Vikas Debnath KV IT-Solutions Pvt. Ltd.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 7 Working with Proxy Servers & Application-Level Firewalls By Whitman, Mattord,

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 7 Working with Proxy Servers & Application-Level Firewalls By Whitman, Mattord,
Working with Proxy Servers and Application-Level Firewalls Chapter 5.

Working with Proxy Servers and Application-Level Firewalls Chapter 5.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?

Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Chapter 7: Working with Proxy Servers & Application-Level Firewalls

Chapter 7: Working with Proxy Servers & Application-Level Firewalls
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
SANGFOR AD INTRODUCTION

SANGFOR AD INTRODUCTION
CLOUD COMPUTING  IT is a service provider which provides information.  IT allows the employees to work remotely  IT is a on demand network access.

CLOUD COMPUTING  IT is a service provider which provides information.  IT allows the employees to work remotely  IT is a on demand network access.
1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.

1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.

Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.

Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.

Similar presentations

Ads by Google