CacheGuard Web Gateway Appliance embeds a reverse Proxy to secure Web servers and applications.
CacheGuard Reverse Proxy
Exposing Web servers directly to the Internet presents majors risks for Web applications but also for the whole hosting infrastructure. Because the primary role of a Web server is to serve Web applications and not to secure them, Web servers are potentially vulnerable.
CacheGuard Web Gateway can be implemented in reverse mode between Web applications and the Internet, and hence act as an intermediary (or reverse proxy). CacheGuard Reverse Proxy receives Web requests coming from the Internet, rewrites and then routes them to an isolated secure network where Web servers can be placed. Therefore any direct exposure of Web servers to the Internet is avoided.
CacheGuard Reverse Proxy can be activated alongside the CacheGuard Forwarding Proxy at the same time, making CacheGuard Web Gateway a unique shared access point for Web traffic.
CacheGuard Web Gateway is not just a Reverse Web Proxy but it is a Firewall, a Gateway Antivirus, a WAF, a Forwarding Web Proxy, a URL Guard, a Traffic Shaper, a Web Cache, a Web Compressor, an SSL Mediator/Inspector and much more.
Active Cloaking Proxy
CacheGuard Reverse Proxy does not act just as a passive intermediary between Web applications and users but it has also the capability to actively process the Web traffic by filtering, caching, compressing and shaping the Web traffic in order to deliver Secure Web traffic to Web applications and Optimized Web traffic to users and Web servers. You can learn more about all CacheGuard Functions that contribute to secure and optimize the Web traffic at CacheGuard Functions.
CacheGuard Reverse Proxy innately comes with the underlying functions described below.
SPoF and High Availability
The drawback of implementing a reverse proxy is the introduction of a SPoF (Single Point of Failure) in the network. Fortunately CacheGuard Web Gateway can address that drawback with the possibility to implement two or more CacheGuard Web Gateways in HA (High Availability) mode in order to eliminate any SPOF.
CacheGuard Reverse Proxy can balance the total Web traffic load between multiple Web servers and detect failures on load balanced Web servers. In case of a failure on a Web server, CacheGuard Reverse Proxy removes that failed Web server from the pool of load balanced Web servers in order ensure the continuity of services provided by your Web applications. The Load Balancing feature allows you to have scalable and highly available Web applications.
Web Server Optimization
All CacheGuard optimization functions such as the Web Caching, the Web Traffic Compression and the Traffic Shaping are available in reverse mode. The caching of Web contents by the Reverse Proxy allows you to accelerate Web servers by freeing them from the redundant task of delivering static objects while the compression of outgoing Web traffic allows you to save your bandwidth. In addition, the Traffic Shaping feature allows you to reserve more bandwidth for your more critical Web applications and hence increasing the quality of services that you deliver.
In reverse mode, CacheGuard Web Gateway acts as an SSL offloader so encrypted Web traffic are decrypted before addressing Web servers. The SSL offloading is an intrinsic feature to allow operations such as filtering and caching. CacheGuard Web Gateway uses a stable and up to date version of OpenSSL library to manage HTTPS and other SSL/TLS based traffic. The SSL options and ciphers are adequately chosen in CacheGuard Web Gateway to provide the highest security level for HTTPS traffic, thereby allowing you to do not worry about SSL weaknesses. The overall rating given by Qualys to Web applications cloaked by CacheGuard Web Gateway is an A.