What is a reverse proxy?
A reverse proxy server sits between your website’s origin server and the clients trying to access it. It shields the origin server’s identity: client traffic is directed at the proxy itself, which then forwards it to the origin server of your website. You can learn more about it from this Reverse Proxy Blog.
What is role-based access control (RBAC)?
Role-based access control (RBAC) means granting users access to a stack based on the user roles and permissions that have been defined. With RBAC in place, an organization can manage users’ access levels across the organization and protect its data at the same time.
Top 3 reasons why your organization needs a reverse proxy to secure website folders
- Role-based access control (RBAC): control which role has access to which folder and data items, using IP restriction.
- Monitor user actions: every single access request sent by a user can be monitored and analyzed for potential threats.
- Update user roles and permissions: you can easily change a user’s role and access levels by making the change on the server itself.
How does access control for WordPress websites based on user role work?
Suppose we have two users, Joe and Eddie, and two separate WordPress sites (Website#1 and Website#2) that the origin website redirects to. Access to those sites is granted based on the user roles and permissions that have been defined.
In our use case, Joe has access to Website#1 and Eddie has access to Website#2. Now say that Joe and Eddie both try to access Website#1. Each user sends an OAuth request to the website via the reverse proxy. Based on the RBAC policy specified for each user and the credentials entered, the site sends an OAuth response back. If the user’s role is valid for the site, the request is authenticated; otherwise it is declined. Hence in our use case Joe is granted access to Website#1, and Eddie’s request is denied by the reverse proxy itself.
The main requirement here is WordPress role-based access control (RBAC): because of it, requests sent to the sites by any user are monitored and proper authentication is run, so a user with a different role cannot reach the WordPress website’s resources.
If the user role is valid to access the website
Suppose a client wants to access a site. First, an OAuth request is sent to the website’s IdP via the miniOrange Reverse Proxy server. The site sends an OAuth response back to the reverse proxy server, and if the OAuth response message is valid, the user is granted access to the WordPress site’s data.
If the user role is invalid to access the website
Suppose a client wants to access a site. First, an OAuth request is sent to the website’s IdP via the miniOrange Reverse Proxy server. The site sends an OAuth response back to the reverse proxy server, and if the OAuth response message is not valid, the user is denied access then and there by the miniOrange Reverse Proxy.
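The decision the proxy makes in the two cases above, written out as an added example (not miniOrange’s code): the proxy validates the OAuth response it got back for the client, extracts the roles, and forwards the request only if a role permits the requested site. Path prefixes, role names and the token-introspection-style response layout are assumptions; Joe and Eddie are the page’s users, and the proxy fails closed on anything unexpected.

```python
"""Role-based forwarding decision at a reverse proxy in front of two
WordPress sites (illustrative; names, paths and response shape assumed)."""
import time
from dataclasses import dataclass
from typing import Optional, Set

# Which roles may reach which site. Prefixes are request paths the proxy
# matches before forwarding to the origin (assumed layout).
SITE_POLICY = {
    "/website1/": {"website1-user"},
    "/website2/": {"website2-user"},
}

@dataclass
class Decision:
    allowed: bool
    reason: str

def validate_idp_response(resp: dict, now: Optional[float] = None) -> Optional[Set[str]]:
    """Return the role set from a (constructed) OAuth introspection-style
    response, or None if the response must be treated as invalid."""
    now = time.time() if now is None else now
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return None
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or expired: fail closed
    roles = resp.get("roles")
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        return None
    return set(roles)

def authorize(path: str, idp_response: dict, now: Optional[float] = None) -> Decision:
    """Decide at the proxy, before anything reaches the origin, whether the
    request for `path` may be forwarded."""
    roles = validate_idp_response(idp_response, now)
    if roles is None:
        return Decision(False, "invalid or expired OAuth response")
    for prefix, allowed_roles in SITE_POLICY.items():
        if path.startswith(prefix):
            if roles & allowed_roles:
                return Decision(True, f"role permits {prefix}")
            return Decision(False, f"no role permits {prefix}")
    return Decision(False, "path not covered by any policy")  # unknown site: deny

# Constructed sample responses: Joe may use Website#1, Eddie may use Website#2.
NOW = 1_700_000_000
JOE = {"active": True, "exp": NOW + 600, "roles": ["website1-user"]}
EDDIE = {"active": True, "exp": NOW + 600, "roles": ["website2-user"]}

if __name__ == "__main__":
    for name, tok in (("Joe", JOE), ("Eddie", EDDIE)):
        d = authorize("/website1/wp-admin/", tok, NOW)
        print(f"{name} -> Website#1: {'allowed' if d.allowed else 'denied'} ({d.reason})")
```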
A crucial feature of miniOrange Reverse Proxy, WordPress role-based access control (RBAC), is seamlessly implemented in this use case. Based on the roles users play in an organization, exclusive access to data and information is granted and secured by properly monitoring the requests sent to the website’s IdP, which are first intercepted by the miniOrange Reverse Proxy.