What is Reverse Proxy?
A reverse proxy is a server that sits in front of web servers and sends requests from clients (such as web browsers) to those servers. In most cases, reverse proxies are used to improve security, performance, and dependability.
Why does your organisation need miniOrange Reverse Proxy?
- To block access to certain content: Proxy servers can be used to prevent a group of people from accessing particular websites. You can restrict priority access to only authorised users or give non-compliant visitor users partial access. Your resources can only be accessed by users who have logged in using your Identity Providers or Federated Identities.
- To rewrite the URL: The process of changing any URL structure while loading a page is known as URL rewriting. Allowing an Internet user to access a Website with a complicated URL by entering a simpler URL into the address bar of a Web browser is an example of constructive usage of this method.
- Securing Web Server Infrastructure: A reverse proxy can hide the infrastructure of your back-end servers by removing the need for direct internet access by intercepting requests. If the reverse proxy detects malicious requests, it blocks them until they hit a web server or places a barrier in the web services.
This blog mainly covers how you can set up Reverse Proxy to Secure Cloud Applications on Unmanaged devices. In this scenario, unmanaged devices are the personal laptops of the users. The users with the company’s laptop and the users who happen to be the partners of the company will be able to access the cloud applications and not the ones with their personal laptop.
How to access control using miniOrange Revere Proxy ?
Let’s say the company has 2 applications, namely JIRA and Confluence. There are 3 users: User Alice, User Bob and User Sam in the company. Alice has the company’s laptop i.e. a Windows Domain Joint Machine as shown in the figure above, Bob is the partner of the company and doesn’t have the company’s laptop and Sam has a personal laptop. All the three users try to access the applications but one of them is unsuccessful. Alice who has the company’s laptop is able to access the applications easily, Bob who is the partner of the company and does not have the company’s laptop is also able to access the applications, only if he is working on a static IP but Sam who has a personal laptop is not granted access at any cost. Reverse proxy server is used to block the access to a group of users who are working on their personal laptops.
Implementing miniOrange Reverse Proxy in the enterprise.
- The Windows Domain Joint machine is configured with the AD server. Whenever any user tries to log into the application, a token is provided by the AD server, which Windows machine will send in each request for the application. This AD token helps to identify whether the user is trying to access the application from an office laptop or not.
- Reverse Proxy authenticates the token which comes from the Windows domain joint machine after every request using AD Server. It checks whether the token is valid or not.
- If the token is not present in the Active Directory, then the access is not granted.
- If the token is present and the user is trying to access the application from the company’s laptop then the access is granted, else if trying to access from a personal laptop then the access is denied.
- User B doesn’t have the company’s laptop therefore the use case can be achieved only when the user is working on a static IP address or connected to a VPN. If the user is working on a static IP, then access will be granted to that IP explicitly.
Reverse proxy becomes one of the mandates for organizational infrastructure, given the need and efficacy necessary for security within organizations. Aside from decreasing downtime by spreading the load from incoming requests and being extremely scalable, adaptable, and efficient, it also delivers significant value to your organization’s security by protecting you against cyber attack vulnerabilities. So, if you’re looking to establish a Reverse proxy for your company, miniOrange fits the bill with world-class service and reasonable pricing.