Using a reverse proxy within a DMZ to dispatch Internet requests to internal Web servers is a very well-known best practice, but what about using a similar setup for intranet requests?
If I install a reverse proxy server for internal usage and define a new secure zone (between firewalls) where I place internal Web servers, I will be able to prevent direct access to internal servers and I also get the benefits of hiding ports, performing load balancing, caching, etc.
But I can't find any such advice on the Web; reverse proxy servers always show up in an Internet context. So is it streamline or an overkill architecture for internal requests?
An alternative to the firewalls would be to configure each internal Web server so that it only accepts requests coming from a reverse proxy, but I still need the reverse proxy to get the other benefits. A VLAN might be a better choice in this situation...
I would like to hear your opinion about it.
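
The per-server alternative mentioned in the question (each internal Web server accepts only requests relayed by the reverse proxy), as an added example that is not part of the original post. The proxy address `10.20.0.5`, the `ProxyOnly` middleware and the helper names are assumptions made for illustration; the check uses the TCP peer address and ignores `X-Forwarded-For`, which a client reaching the server directly could set itself.

```python
import ipaddress

# Assumed address of the internal reverse proxy (constructed for this example).
TRUSTED_PROXIES = [ipaddress.ip_network("10.20.0.5/32")]


def peer_is_proxy(environ, trusted=TRUSTED_PROXIES):
    """True only if the TCP peer (REMOTE_ADDR) is a trusted proxy.

    X-Forwarded-For is deliberately ignored for this decision: any client
    that reaches the server directly can set that header itself.
    """
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        # Missing or malformed peer address: fail closed.
        return False
    return any(peer in net for net in trusted)


class ProxyOnly:
    """WSGI middleware that rejects requests not relayed by the proxy."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        if not peer_is_proxy(environ, self.trusted):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"direct access is not allowed\n"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the internal Web application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from the internal server\n"]


def status_for(environ):
    """Run one constructed request through the middleware, return its status."""
    seen = []
    body = ProxyOnly(demo_app)(environ, lambda status, headers: seen.append(status))
    list(body)  # consume the response body
    return seen[0]
```

This check only holds if the network does not let other hosts use the proxy's address, which is what the firewall zone or VLAN in the question would enforce.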