-1

I'm looking for a security solution for my Apache web server in a Windows environment, for authenticated services published to the internet. I cannot set up a DMZ because it is heavily connected to all the other servers of that network.

My question is: can a reverse proxy protect me from Apache exploits? I was thinking, for example, of NetScaler AD to authenticate users and then let it pass to Apache.

I'm writing this question mainly because I don't know what an Apache exploit is and how I can use it to hole a system.

Tobia
  • There is no single Apache exploit. And there is no single reverse proxy implementation. Some kinds of reverse proxies (notably web application firewalls implemented as a reverse proxy) might be useful to block certain exploits against Apache. Some might be configured to let only authorized requests pass. But there is no such thing as a generic reverse proxy which generically blocks all possible exploits against Apache. – Steffen Ullrich Aug 30 '17 at 09:10
  • Ok, good to know. I cannot understand why I got a downvote. – Tobia Aug 30 '17 at 09:47
  • You got the downvote from me because this question is very unspecific and broad. You don't even understand what you need protection from, as seen by your statement *"...I don't know what an Apache exploit is..."*. – Steffen Ullrich Aug 30 '17 at 10:35
  • I'm trying to find a solution for most problems connected to Apache, not all, not a specific one. This is the reason why my question is unspecific and I did not study a specific exploit's details. I think nobody has a solution for ALL Apache exploits. – Tobia Aug 30 '17 at 10:51

1 Answer

2

A reverse proxy alone won't protect from exploits. Generally, you would use a reverse proxy in conjunction with a Web Application Firewall (https://www.owasp.org/index.php/Web_Application_Firewall) to protect a website/server.

You could look at something like ModSecurity (https://www.modsecurity.org/) to provide some WAF functionality.

There are commercial tools like F5 ASM (https://f5.com/products/big-ip/application-security-manager-asm) or Fortinet FortiWeb (https://www.fortinet.com/products/web-application-firewall/fortiweb.html) also. They are expensive though, being enterprise products.

Hope this helps.

  • Thank you for your reply, can you explain to me in a few words what a reverse proxy resolves in terms of security? – Tobia Aug 30 '17 at 06:53
  • Reverse proxies can do a number of things such as hide servers holding the content, perform SSL offload so IPS/IDS systems can be more effective, authentication, caching and load balancing. (https://en.wikipedia.org/wiki/Reverse_proxy) If you are interested in blocking OWASP Top 10 attacks, you really need a WAF. – Damon Johnstone Aug 30 '17 at 06:58
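
The layering described in the answer and comments above, sketched as an Apache httpd front-end configuration (an added example, not part of the original answer or of any product's shipped configuration): TLS terminates at the proxy, ModSecurity inspects the request, and only authenticated requests are forwarded to the internal server. The hostname, backend address, file paths and the local rule id are constructed placeholders.

```apache
# Added example: front-end httpd acting as reverse proxy + WAF.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic,
# mod_authn_file, mod_authz_user and mod_security2 (ModSecurity 2.x).
# All names, addresses and paths below are constructed placeholders.
<VirtualHost *:443>
    ServerName app.example.com

    # TLS ends here, so the WAF (and any IDS behind it) sees cleartext HTTP.
    SSLEngine on
    SSLCertificateFile    "/path/to/app.example.com.crt"
    SSLCertificateKeyFile "/path/to/app.example.com.key"

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    <IfModule security2_module>
        SecRuleEngine On
        SecRequestBodyAccess On
        # One local rule as illustration: reject unexpected HTTP methods.
        SecRule REQUEST_METHOD "!^(?:GET|HEAD|POST)$" \
            "id:10001,phase:1,deny,status:405,log,msg:'HTTP method not allowed'"
        # A maintained rule set (for example the OWASP Core Rule Set) is
        # what provides real coverage; its location is installation-specific.
        # Include "/path/to/owasp-crs/rules/*.conf"
    </IfModule>

    <Location "/">
        # Only authenticated requests are passed on to the backend.
        AuthType Basic
        AuthName "Restricted service"
        AuthUserFile "/path/to/htpasswd"
        Require valid-user

        ProxyPass        "http://10.0.0.10:8080/"
        ProxyPassReverse "http://10.0.0.10:8080/"
    </Location>
</VirtualHost>
```

The internal server should also accept connections only from the proxy's address; otherwise the authentication and filtering above can be bypassed by reaching it directly.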