
Reverse Proxy Security Risks

Situation:

Consider the site: example.com, hosted at web server A.

A WordPress blog is to be installed on a different web server, B.

In order to route a WordPress installation to a subdirectory on the main site, e.g. example.com/blog/, we used a reverse proxy.

We have done this a number of times for other clients (SEO reasons) to keep content within the domain. The main reason we never install WordPress in a subdirectory is for security purposes.

Question:

We know that there are some security risks with reverse proxies, e.g. This Original Post - how do we overcome them?

What also would be best practice to reduce security risks when using reverse proxies in this way?

Many thanks.

To be honest I don't consider that the utilisation of a proxy is a security threat.

For the "Same-Origin Policy": it's true, if server B is hacked you can (perhaps) do some mess on server A, but basically if you have a server hacked it's your fault, not the proxy's!

On the other hand, I fully understand what Tom Leek wanted to say: if one website is hacked you don't want the other to have repercussions too. Then making mylittlesubdomain.mywebsite.com is a solution because you will have no link between server A and B. I thought that search engines such as Google took care of subdomains quite well; many big websites just do blog.website.com.
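The same-origin point discussed in the answer above, as an added example that is not part of the original post: it compares the example.com/blog/ reverse-proxy layout with a blog subdomain, checking origin equality and whether a session cookie set by server A would accompany requests that end up at server B. The hostnames, the `sid` cookie and all function names are constructed for illustration, and the cookie matching is a simplified form of the RFC 6265 rules.

```javascript
// Origin = scheme + host + port (RFC 6454); the path plays no part in it.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// RFC 6265 domain-match; a host-only cookie requires an exact host match.
function domainMatches(host, cookie) {
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// RFC 6265 path-match.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Would a browser attach this cookie to a request for `url`?
function cookieSent(url, cookie) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  return domainMatches(u.hostname, cookie) && pathMatches(u.pathname, cookie.path);
}

// Constructed sample: session cookie set by server A without a Domain
// attribute (host-only), Path=/.
const sessionA = { name: "sid", domain: "example.com", hostOnly: true, path: "/", secure: true };
// The same cookie set with Domain=example.com, which also covers subdomains.
const sessionWide = { ...sessionA, hostOnly: false };

function report() {
  const main = "https://example.com/account";          // served by server A
  const proxied = "https://example.com/blog/post-1";   // reverse-proxied to server B
  const sub = "https://blog.example.com/post-1";       // server B on its own host
  return {
    proxiedSameOrigin: sameOrigin(main, proxied),
    subSameOrigin: sameOrigin(main, sub),
    proxiedGetsSession: cookieSent(proxied, sessionA),
    subGetsHostOnly: cookieSent(sub, sessionA),
    subGetsWide: cookieSent(sub, sessionWide),
  };
}

console.log(report());
```

The last field shows the one case where the subdomain layout still shares state with the main site: a cookie scoped with `Domain=example.com` is sent to the blog host as well.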

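Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you reproduce them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.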

 