test

Sun Java System Web Proxy Server 4.0.3 2006Q2 Administration Guide

Secure Reverse Proxying

Secure reverse proxying occurs when one or more of the connections between the proxy server and another machine uses the Secure Sockets Layer (SSL) protocol to encrypt data.

Secure reverse proxying has many uses:

Secure reverse proxying causes each secure connection to be slower due to the overhead involved in encrypting your data. However, because SSL provides a caching mechanism, two connecting parties can reuse previously negotiated security parameters, dramatically reducing the overhead on subsequent connections.

There are three ways to configure a secure reverse proxy:

Secure client to proxy. This scenario is effective if there is little or no chance that the information being exchanged between your proxy and content server can be accessed by unauthorized users (see Secure Reverse Proxying).

Figure 14–2 Secure client connection to proxy

Diagram showing a secure client connection to proxy.

Secure proxy to content server. This scenario is effective if you have clients inside the firewall and a content server that is outside the firewall. In this scenario, your proxy server can act as a secure channel between sites (see Secure Reverse Proxying

Figure 14–3 Secure proxy connection to content server

Diagram showing a secure proxy connection to content server.

Figure 14–4 Secure client connection to proxy and secure proxy connection to content server

Diagram showing a secure client connection to proxy and a secure proxy connection to content server.

For information on how to set up each of these configurations, see Setting up a Reverse Proxy.

In addition to SSL, the proxy can use client authentication, which requires that a computer making a request to the proxy provides a certificate (or form of identification) to verify its identity.