

Sitting in the flow of traffic, a reverse proxy integrates with an organization’s authentication service (e.g., single sign-on). Once services and apps are configured to transact with the reverse proxy, it can operate inline without an agent. This offers a straightforward user experience, with incoming traffic to managed cloud apps and the like redirected to the reverse proxy automatically.

A reverse proxy can protect sensitive data (e.g., PCI data, PII) by acting as a middleman or stand-in for the server on which that data resides. Client requests are routed first to the reverse proxy, then through a specified port in any applicable firewall, and then to the content server, and finally, back again. The client and the server never communicate directly, but the client interprets responses as if they had. Let’s look at this process a bit more closely.

1. Client sends a request, which the reverse proxy intercepts.
2. Reverse proxy forwards the incoming request to the firewall (the reverse proxy can be configured to respond directly to requests for files in its cache without communicating with the server; see more detail on this in the use cases).
3. Firewall either blocks the request or forwards it to the server.
4. Server sends response through the firewall to the proxy.
5. Reverse proxy sends the response to the client.

The reverse proxy can also scrub server responses for information that could allow a hacker to redirect to protected internal resources or take advantage of other vulnerabilities.

Reverse proxying, as a CASB deployment mode, is core to the security service edge model alongside secure web gateway (SWG), zero trust network access (ZTNA), and other cloud-delivered security services.

Beyond SSE, common specific use cases for reverse proxies include:

Securing Unmanaged Devices

Many of your employees may use multiple devices for work, including personal ones. Beyond that, plenty of suppliers, partners, and customers may need access to your internal applications on their own unmanaged devices, presenting a risk to your security. You can install agents to manage devices your organization owns, but unmanaged endpoints are a different story. Third parties won’t let you install agents on their endpoints, and many employees don’t want agents on their personal devices, either. Instead, a reverse proxy offers agentless protection against data leakage and malware from any unmanaged device accessing your cloud applications and resources.

Data Protection

A reverse proxy can enforce data loss prevention policies to prevent accidental or intentional uploads or downloads of sensitive information to or from sanctioned cloud apps. Because it operates inline and inspects encrypted traffic (especially a cloud-based reverse proxy), it can ensure uploaded or downloaded data falls in line with your policies.

Threat Prevention

An infected file in a cloud service can spread to connected apps and devices, especially unmanaged devices. By agentlessly preventing uploads or downloads of infected files to or from cloud resources, a reverse proxy provides advanced threat protection against malware and ransomware.

By nature, reverse proxies also hide servers and their IP addresses from clients, which protects web resources from threats such as distributed denial of service (DDoS) attacks.

Reverse proxies can be used to handle client requests that could otherwise overwhelm a single server with high demand, promoting high availability and better load times by taking pressure off the backend server. They mainly do this in two different ways:

If a large website or other web service uses multiple origin servers, a reverse proxy can distribute requests among them to ensure even server loads. DNS can be used to route requests evenly among multiple reverse proxies.

A reverse proxy can cache content from an origin server in temporary storage, and then send the content to clients that request it without further transacting with the server (this is called web acceleration).

With those use cases in mind, the advantages of using a reverse proxy fall into three main areas:

Data security and threat prevention: Reverse proxies provide web application firewall (WAF) functionality by monitoring and filtering traffic (including encrypted traffic) between managed and unmanaged endpoints and the web server, protecting it from SQL injection, cross-site scripting, and more.

Scalability and resource management: This is a two-part benefit. Reverse proxies support operational scale by eliminating the need to install agents on every user endpoint before you can offer secure access to managed resources.
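The request flow, cache shortcut, load distribution and response scrubbing described on this page can be modeled in memory; the following is an added example, not code from the original page or from any vendor product. The origin functions, the firewall rule that blocks /admin paths, and the list of scrubbed headers (including the hypothetical X-Backend-Host) are assumptions made for the sketch.

```python
from itertools import cycle

# Headers that reveal backend details; this set is an assumption for the sketch.
LEAKY_HEADERS = {"server", "x-powered-by", "x-backend-host"}

class ReverseProxy:
    """In-memory model of the flow: client -> proxy -> firewall -> origin -> proxy."""

    def __init__(self, origins, firewall_allows):
        self._origins = cycle(origins)            # round-robin over origin servers
        self._firewall_allows = firewall_allows   # callable(method, path) -> bool
        self._cache = {}                          # path -> (status, headers, body)

    def handle(self, method, path):
        # The proxy intercepts the request; a cached GET never reaches the origin.
        if method == "GET" and path in self._cache:
            return self._cache[path]
        # The firewall either blocks the request or lets it through to the server.
        if not self._firewall_allows(method, path):
            return 403, {}, b"blocked"
        # The next origin in rotation answers; the client never talks to it directly.
        status, headers, body = next(self._origins)(method, path)
        # Scrub backend-identifying headers before the response goes to the client.
        clean = {k: v for k, v in headers.items() if k.lower() not in LEAKY_HEADERS}
        response = (status, clean, body)
        if method == "GET" and status == 200:
            self._cache[path] = response
        return response

def make_origin(name, hits):
    """Constructed stand-in for an origin server; records what it served."""
    def origin(method, path):
        hits.append((name, path))
        headers = {"Content-Type": "text/plain", "Server": "example-httpd",
                   "X-Backend-Host": name}
        return 200, headers, f"{method} {path}".encode()
    return origin

def demo():
    hits = []  # which origin actually handled which path
    proxy = ReverseProxy(
        [make_origin("origin-a", hits), make_origin("origin-b", hits)],
        firewall_allows=lambda method, path: not path.startswith("/admin"),
    )
    paths = ("/index", "/about", "/index", "/admin/users")  # constructed requests
    return [proxy.handle("GET", p) for p in paths], hits

if __name__ == "__main__":
    for status, headers, body in demo()[0]:
        print(status, headers, body)
```

In the demo, the second request for /index is answered from the cache, so the origin list records only two hits even though four requests were made.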
