home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Apache The Definitive Guide, 3rd EditionApache: The Definitive GuideSearch this book

Chapter 9. Proxying

There are a few good reasons why you should not connect a busy web site straight to the Web:

  • To get better performance by caching popular pages and distributing other requests among a number of servers.

  • To improve security by giving the Bad Guys another stretch of defended ground to crawl over.

  • To give local users, protected by a firewall, access to the great Web outside, as discussed in Chapter 11.

The answer is to use a proxy server, which can be either Apache itself or a specialized product like Squid.

9.1. Security

An important concern on the Web is keeping the Bad Guys out of your network (see Chapter 11). One established technique is to keep the network hidden behind a firewall; this works well, but as soon as you do it, it also means that everyone on the same network suddenly finds that their view of the Net has disappeared (rather like people living near Miami Beach before and after the building boom). This becomes an urgent issue at Butterthlies, Inc., as competition heats up and naughty-minded Bad Guys keep trying to break our security and get in. We install a firewall and, anticipating the instant outcries from the marketing animals who need to get out on the Web and surf for prey, we also install a proxy server to get them out there.

So, in addition to the Apache that serves clients visiting our sites and is protected by the firewall, we need a copy of Apache to act as a proxy server to let us, in our turn, access other sites out on the Web. Without the proxy server, those inside are safe but blind.



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.