[Snort-users] Snort on reverse proxy

e-mail lists lists at ...4901...
Thu Feb 7 04:30:05 EST 2002


Hi,

I have a client who recently implemented a reverse proxy on
apache (1.3.23) to perform some filtering of requests to a
database server (Ultrix). The client leases the database service
on the alpha and does not have access to the database server to
harden the system (the client is told that the website for the
database will not run on recent versions of apache and thus
cannot be updated to patch levels 1.3.x).  The reverse proxy is
behind a firewall. The database server exists on a separate
network and the firewall is configured to only allow inbound tcp
80 connections from the reverse proxy. The firewall rule set does
not allow the database server to initiate connections to
elsewhere. The database is public access and does not use SSL or
an authentication mechanism.

I have been considering running snort on the reverse proxy to
further filter requests to the database web server.
Unfortunately, for the time being, I have no other hardware to
install snort elsewhere. Apache configured as a reverse proxy is
the only service on this box. there are no other devices on the
reverse proxy network.

Can someone advise of the suitability of running snort on the
reverse proxy to filter requests? What is the preferred database
and why (the client has postgres experience and no mysql
experience)

Thanks,

Darren




More information about the Snort-users mailing list