A reverse proxy typically provides one or more of the following:
- A way to hide the existence of the target web servers
- Application firewall to allow centralized management of various common attack vectors and malware
- SSL encryption off-loading (sometimes called SSL Acceleration), allowing the web server to run without software SSL to increase overall performance
- Load balancing for back-end web farm architectures
- Content cache for frequently-requested content
- Failover management when one of the load-balanced web servers goes down
A reverse proxy typically resides in the DMZ, allowing the VKPI server to reside on the LAN behind a firewall. The AD servers typically also reside on the LAN.
The reverse proxy hides these boxes from the outside connecting user, thus allowing a seamless 2-step authentication
- Client connects to FQDN pointing to reverse proxy (e.g. http://kpi.company.com)
- Proxy routes traffic to internal site. Internal site challenges client to login with User Name / Pwd screen, User enters credentials
- AD either authenticates the credentials or not, provides answer
- If authenticated, internal site immediately shows initial requested page
If you have additional questions, the quickest way to get an answer is to drop us a line at email@example.com or call us at +1-925-218-6983.
Last updated on April 2, 2013 by Transpara