InfoCenter Home > 7.1.3.6.3: Reverse proxy (IP forwarding) sample topologyOverviewReverse proxy (or IP-forwarding) topologies use a reverse proxy server to receive incoming HTTP requests and forward them to a Web server. The Web server in turn forwards the requests to the application servers that do the actual processing. The following figure shows a simple reverse proxy topology.
In this example, a reverse proxy resides in a demilitarized zone (DMZ) between the outer and inner firewalls. It listens on an HTTP port (typically port 80) for HTTP requests. The reverse proxy then forwards those requests to an HTTP server that resides on the same machine as WebSphere Application Server. After the requests are fulfilled, they are returned through the reverse proxy to the client, hiding the originating Web server. Typical useReverse proxy servers are typically used in DMZ configurations to allow additional security between the public Internet and the Web servers (and application servers) servicing requests. A reverse proxy product used with WebSphere Application Server must support Network Address Translation (NAT) and WebSphere security. Reverse proxy configurations support high-performance DMZ solutions that require as few open ports in the firewall as possible. The reverse proxy capabilities of the Web server inside the DMZ require as few as one open port in the second firewall (potentially two if using SSL - port 443). The advantages of using a reverse proxy server in a DMZ configuration include the following:
The disadvantages of using a reverse proxy server in a DMZ configuration include the following:
Article 7.1.4, Firewall and demilitarized zone (DMZ) configurations, compares the reverse proxy topology to other topologies that support a DMZ configuration. InstructionsThe implementation specifics are determined by the reverse proxy server; refer to the documentation for the product you are using. No additional WebSphere administration is required for the reverse proxy server, although it can be needed for other elements of the reverse proxy topology. The following figure shows how a reverse proxy server can be used with Remote OSE. In this case, the reverse proxy server (located on host http1) passes requests to a second Web server (located on host http2) that uses Remote OSE to forward the requests to an application server. The application server requires virtual host configurations for the physical hosts http1 and http2, but not for the reverse proxy host name. |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|