[Snort-users] Request for Reverse Proxy Guidance

Jason Wallace jason.r.wallace at ...11827...
Wed Mar 31 09:29:54 EDT 2010

Howdy all,

I'm looking for some IDS best practice guidance when dealing with a
reverse proxy. We have a new application being deployed that needs to
be accessible from the Internet via a web interface but also needs to
authenticate to AD. To date we do not pass the Windows auth ports from
our DMZ to our internal network and I would like to keep it that way.
To me that means we probably need to proxy the web traffic from our
DMZ to the new system hosted on the inside.

If I monitor in front of the proxy I'll see the original Internet src
address, with a dest of the proxy, and the original http request. If I
monitor behind the proxy I'll see the src as the proxy, the dest as
the internal server, and the proxied http request.

If you could only monitor either in front or behind...which would you
do? I'm new to reverse proxies so if I'm missing something obvious,
please feel free to point this out!


