Is a reverse proxy useful behind a load balancer and IPS

Question

We have a Web infrastructure with a farm of Web Servers. They are behind a loadbalancer which does SSL offload. We also have a IPS and obviously a set of firewalls.

Now, for security reason we have been asked to look into the possibility of adding a reverse proxy. I insist this is for security reason only as we are not planning to use any caching.

My question is: Is it worth the effort? Is there any added value to an additional layer and if yes would it justify the time spent?

http://serverfault.com/questions/536144/why-put-a-reverse-proxy-in-front-of-a-wsgi-server — TheCleaner, Sep 12 '13 at 13:40

score 0 · Answer 1 · answered Sep 12 '13 at 14:21

0

If your webserver is (pre-)forking or uses light weight processes (threads) then using an event based proxy (e.g. ATS, nginx, NOT varnish) in front gives a lot of protection against sloloris type attacks. But in the absence of any caching (or DOS attacks) it's going to slow down your traffic.

Why so anti caching?

answered Sep 12 '13 at 14:21

symcbean

21,009
1
31
52

Caching was just not part of the original scope, I am happy to add it if not having it penalise the performance. – Momo Sep 12 '13 at 14:30
update--Caching was just not part of the original scope, I am happy to add it if not having it penalise the performance significantly. Overall I had the feeling that the reverse-proxy would be redundant with the LB+IPS. I should add that our webservers are in the DMZ only accessible by the LoadBalancer – Momo Sep 12 '13 at 14:41

Is a reverse proxy useful behind a load balancer and IPS

1 Answers1