CacheGuard UTM & QoS embeds a reverse Proxy to secure exposed web applications.
CacheGuard Reverse Proxy
Exposing Web servers directly to the Internet presents majors risks for Web applications but also for the whole hosting infrastructure. Because the primary role of a Web server is to serve Web applications and not to secure them, Web servers are potentially vulnerable.
CacheGuard UTM & QoS can be implemented in reverse mode between Web applications and the Internet, and hence act as an intermediary (or reverse proxy). CacheGuard Reverse Proxy receives Web requests incoming from the Internet and then routes them to an isolated secure network where Web servers can be placed. Therefore any direct exposure of Web servers to the Internet is avoided.
CacheGuard Reverse Proxy can be activated alongside the CacheGuard Forwarding Proxy at the same time, making CacheGuard a unique shared access point for Web traffic.
CacheGuard is not just a Reverse Web Proxy but it is a Firewall, a VPN server, a Gateway Antivirus, a WAF, a Forwarding Web Proxy, a URL Guard, a Traffic Shaper, a Web Cache, a Web Compressor, an SSL Mediator/Inspector and much more.
Active Cloaking Proxy & Web ADC
CacheGuard Reverse Proxy does not act just as a passive intermediary between Web applications and users but it actively processes the Web traffic by filtering, caching, compressing and shaping the Web traffic in order to deliver Secure Web traffic to Web applications and Optimized Web traffic to users and Web servers. In other words, with CacheGuard Reverse Proxy you get a powerful Web ADC (Application Delivery Controller). You can learn more about all CacheGuard Functions that contribute to secure and optimize the Web traffic at CacheGuard Functions.
CacheGuard Reverse Proxy innately comes with the underlying functions described below.
SPoF and High Availability
The drawback of implementing a reverse proxy is the introduction of a SPoF (Single Point of Failure) in the network. Fortunately CacheGuard UTM & QoS can address that drawback with the possibility to implement two or more CacheGuard in HA (High Availability) mode in order to eliminate any SPOF.
CacheGuard Reverse Proxy can balance the total Web traffic load between multiple Web servers and detect failures on load balanced Web servers. In case of a failure on a Web server, CacheGuard Reverse Proxy removes that failed Web server from the pool of load balanced Web servers in order ensure the continuity of services provided by your Web applications. The Load Balancing feature allows you to have scalable and highly available Web applications.
Web Server Optimization
All CacheGuard optimization functions such as the Web Caching, the Web Traffic Compression and the Traffic Shaping are available in reverse mode. The caching of Web contents by the Reverse Proxy allows you to accelerate Web servers by freeing them from the redundant task of delivering static objects while the compression of outgoing Web traffic allows you to save your bandwidth. In addition, the Traffic Shaping feature allows you to reserve more bandwidth for your more critical Web applications and hence increasing the quality of services that you deliver.
In reverse mode, CacheGuard UTM & QoS acts as an SSL offloader so encrypted Web traffic are decrypted before addressing Web servers. The SSL offloading is an intrinsic feature to allow operations such as filtering and caching. CacheGuard uses a stable and up to date version of OpenSSL
library to manage HTTPS
and other SSL/TLS based traffic. The SSL options and ciphers are adequately chosen in CacheGuard to provide the highest security level for HTTPS
traffic, thereby allowing you to do not worry about SSL weaknesses. The overall rating given by Qualys
to Web applications cloaked by CacheGuard is an A