2017-01-27

Reverse Proxy Filtering for HTTP/S

CacheGuard Web Gateway appliance embeds a reverse proxy.

CacheGuard Reverse ProxyReverse Proxy - CacheGuard Load Balancer

CacheGuard can secure and optimize the Web traffic destined to Web users with a forwarding proxy (or Web proxy) as well as the Web traffic destined to Web applications with a reverse proxy (in reverse mode). Both the forwarding proxy and reverse proxy can be activated at the same time, making CacheGuard a unique shared access point for Web traffic.

Learn more about the reverse proxy in the User’s Guide.

Because placing a stand alone reverse proxy in front of Web applications (and servers) represents a SPOF (Single Point Of Failure), redundant CacheGuard appliances can be implemented in HA (High Availability) mode in order to eliminate the SPOF. Learn more about the HA in the User’s Guide.

Load Balancer

Once CacheGuard is implemented in front of Web applications, it has the capability to balance the total Web traffic load between multiple Web servers. This mechanism allows you to have scalable architectures and highly available Web applications.

Web Application Firewall

CacheGuard not only allows you to protect Web servers at the network level but it can also inspect Web requests and block malicious contents such as XSS, SQL injections or malware. Hence, CacheGuard acts as a WAF (Web Application Firewall) and filter the Web content. The WAF in CacheGuard is powered by Apache, ModSecurity and OWASP WAF rules. Learn more about the WAF in the User’s Guide.

Web Server Optimization

All integrated CacheGuard optimization features such as caching, compressing and traffic shaping are available in reverse mode. Especially the caching at the CacheGuard level allows you to accelerate Web servers by freeing them from redundant I/O for static objects such as images.

SSL Offloading

In reverse mode, CacheGuard acts as an SSL offloader for HTTPS traffic. When CacheGuard acts as an SSL offloader, all HTTPS traffic are encrypted between Web clients and CacheGuard (the SSL offloader). Afterward, CacheGuard decrypts HTTPS traffic before addressing cloaked Web servers. The SSL offloading on CacheGuard is mandatory to assure operations on Web contents such as filtering, caching and compressing.

CacheGuard uses a stable and up to date version of OpenSSL library to manage HTTPS and other SSL/TLS based traffic.The SSL options and ciphers are adequately chosen in CacheGuard to provide the highest security level for HTTPS traffic, thereby allowing you to concentrate on your core business and do not worry about SSL weaknesses.