This article applies to:
[ Zend Core V2.x ]
[ IBM System i V5R4 ]
Preface
Deploying a reverse proxy single sign-on server eases integration and simplifies configuration and management. The reverse proxy is a broker for incoming requests from the Internet connecting to resources inside your network firewall. This makes the Apache reverse proxy a policy enforcement entry point for all user access control, authentication and authorization verification.
Details
Proxy server: Protecting direct access
- Proxy servers are deployed on a network for two key purposes:
  - To monitor and filter inbound and outbound requests
  - To act as a single point of access for communications with untrusted networks
Proxies can also dramatically improve HTTP response times by serving documents from local content, which helps where access to local files needs to be faster. This effectively reduces network traffic, bandwidth occupation, and Central Processing Unit (CPU) load (depending on the type of request being served).
- This section focuses on the two mainstream proxy implementations:
  - The forward proxy
  - The reverse proxy
Both can be implemented as virtual hosts or stand-alone servers. Apache proxy can also be configured as part of a proxy chain by specifying to which server the requests will be relayed.
Reverse proxy - Security and Performance
A reverse proxy works like a forward proxy, except that it handles requests coming from the Internet, outside the firewall, to isolated private networks, and those requests are allowed through the firewall.
It is used to prevent Internet clients from having direct, unmonitored access to sensitive data residing on content servers on an isolated network or intranet. If caching is enabled, a reverse proxy can also reduce network traffic by serving cached information rather than passing all requests to the actual content servers. Reverse proxy servers may also balance workload by spreading requests across a number of content servers. An advantage of using a reverse proxy is that Internet clients do not know their requests are being sent to and handled by a reverse proxy server. This allows a reverse proxy to redirect or reject requests without making Internet clients aware of the actual content server (or servers) on a protected network.
A reverse proxy server first checks that a request is valid. If a request is not valid, or not allowed (blocked by the proxy), the proxy stops processing it and the client receives an error or a redirect. If a request is valid, a reverse proxy may check whether the requested information is cached. If it is, the reverse proxy serves the cached information. If it is not, the reverse proxy requests the information from the content server and serves it to the requesting client.
SSL proxy
The SSL proxy is typically used as a reverse proxy that supports SSL for the connection from the client browser through the proxy to the content server.
In fact, two connections are established:
- The first HTTPS connection is established from the browser to the proxy server; this connection terminates at the proxy.
- The second HTTPS connection is established from the proxy to the content server.
You can also configure the proxy server to always establish an SSL connection from the proxy to the content server, but to allow both non-protected (HTTP) and protected (HTTPS) connections from the client to the reverse proxy.
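The two arrangements described above can be expressed as the following configuration. This is an added example, not taken from the original article, written for stock Apache HTTP Server 2.4 with mod_proxy, mod_proxy_http and mod_ssl. The host names proxy.example.com and content.internal.example and all file paths are placeholders, and the certificate directives on other Apache-based servers may differ.

```apache
# Added example; host names and file paths are placeholders, not values from the article.

# Act as a reverse proxy only: do not relay arbitrary client-chosen URLs.
ProxyRequests Off

# Protected client leg: browser -> proxy over HTTPS, terminated at the proxy.
<VirtualHost *:443>
    ServerName proxy.example.com

    # First connection (browser -> proxy)
    SSLEngine on
    SSLCertificateFile    /path/to/proxy-cert.pem
    SSLCertificateKeyFile /path/to/proxy-key.pem

    # Second connection (proxy -> content server), always HTTPS.
    SSLProxyEngine on
    # Validate the content server's certificate, so the second
    # connection is authenticated and not merely encrypted.
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/internal-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass        / https://content.internal.example/
    # Rewrite redirect headers so clients never see the content server's name.
    ProxyPassReverse / https://content.internal.example/
</VirtualHost>

# Non-protected client leg: browser -> proxy over HTTP.
# The proxy -> content server leg is still HTTPS, but traffic between
# the client and the proxy is in cleartext; omit this virtual host if
# that is not acceptable for the content being served.
<VirtualHost *:80>
    ServerName proxy.example.com

    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/internal-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass        / https://content.internal.example/
    ProxyPassReverse / https://content.internal.example/
</VirtualHost>
```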
For more information on i5/OS commands, see the IBM Information Center (links below).