1

I am working on setting up new networking for a datacenter hosting a web site.

We have the following topology:

Internet -> Firewall1 -> ReverseProxy (for security) -> Web Server -> Firewall2 -> Database

The firewall is Linux iptables, hardened.

We do not have any IPS or IDS in here.

The question is: is an IPS/IDS required for web server hosting? Does it gain anything? The only ports that are open are 80 and 443.

mamu

2 Answers

2

An IPS will help, simply by noticing some attacks against your reverse proxy/webserver/sql injections and so on. The real question is not "will an IPS help" though, but "is the benefit of an IPS worth the extra cost and complexity it will add to my network". No one is going to be able to give you a definitive answer for that, however, assuming you're running some kind of WAF (i.e. mod_security or the like), then the answer is reasonably likely to be no, an IPS is not required.

Cian
1

An IPS (such as a TippingPoint) can catch things like common SQL injection strings and other layer 7 attacks that a firewall won't catch. That means you do gain some added security as it's an additional layer (defense in depth approach) and poorly written code will be less vulnerable.

I'm not sure if anyone can answer if such a thing is required or not.

JGurtz
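
The distinction both answers draw, as an added example that is not part of the original posts: a port-based filter such as the iptables firewall passes anything addressed to 80 or 443, while layer 7 inspection (an IPS or a WAF) looks at the request itself. The signature list, function names and sample requests are constructed for illustration, and the sketch assumes the inspection point sees decrypted HTTP (for example at or behind the reverse proxy).

```python
import re
from urllib.parse import unquote_plus

ALLOWED_PORTS = {80, 443}  # the only ports the question says are open

# Constructed, deliberately small signature set; a production IPS/WAF
# rule set is far larger and is tuned against false positives.
SQLI_SIGNATURES = [
    re.compile(r"\bunion\b.+\bselect\b", re.I),
    re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    re.compile(r";\s*drop\s+table\b", re.I),
]

def firewall_allows(dst_port):
    """Layer 3/4 decision: only the destination port is considered."""
    return dst_port in ALLOWED_PORTS

def l7_inspect(request_line):
    """Return the patterns of all signatures matching the decoded request."""
    # Decode twice so that double URL-encoding does not hide the payload.
    decoded = unquote_plus(unquote_plus(request_line))
    return [s.pattern for s in SQLI_SIGNATURES if s.search(decoded)]

def classify(dst_port, request_line):
    """Verdict for one request: firewall first, then layer 7 inspection."""
    if not firewall_allows(dst_port):
        return "dropped-by-firewall"
    return "flagged-by-l7" if l7_inspect(request_line) else "passed"

# Constructed sample traffic: (destination port, first line of the payload)
SAMPLES = [
    (22, "SSH-2.0-client"),
    (80, "GET /products?id=42 HTTP/1.1"),
    (80, "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1"),
    (443, "GET /search?q=1+UNION+SELECT+name,pass+FROM+users HTTP/1.1"),
]

if __name__ == "__main__":
    for port, line in SAMPLES:
        print(f"{classify(port, line):20} {port:>4}  {line}")
```

Every request to port 80 or 443 passes the port check, including the two carrying injection strings; only the layer 7 step separates them from the benign one.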