httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] about Apache HTTP Server reverse proxy
Date Fri, 08 Jan 2010 13:05:22 GMT
> I also worry about the security of reverse proxy mode.
> For example, if a hacker want to destroy my system, he construct a
> wicked HTTP request package to my system. After the Apache HTTP Server
> received the HTTP request package, it will forward the package to
> Tomcat. So, the Tomcat will be destroyed.
> But I have read passages about reverse proxy, all of them say that
> reverse proxy is very secure. If it works like I've just written, it's
> not secure any more.

You could run something like mod_security on your proxy servers if you
were worried about what kinds of requests were forwarded to your
backend, and wanted to make something "more secure" by putting a proxy
in front of it.

As it stands now in your scenario, adding the reverse proxy does not
harm the security of the solution.

Eric Covener

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message