Re: [squid-users] Secure access from webapp to database

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 29 Jun 2013 16:49:26 +1200

On 29/06/2013 5:32 a.m., Lois Blood Bennett wrote:
> Hello,
>
> My question is rather general. We are moving a web application to our
> DMZ and I need to find a server/service that will allow the oracle
> database queries to be transmitted encrypted through the firewall then
> sent to the Oracle server. It seems like squid could be the solution.
> Does anyone have any experience using squid in this way? Could
> anyone point me in the right direction?

Firstly Squid is an HTTP proxy it is not an SQL query proxy or relay. It
will only work in the way you describe if the qeuries are sent as HTTP
requests (unlikely).

I suggest placing a Squid proxy in the DMZ instead, which can be
assigned special privilege to access the web service internal location.
Squid is designed to act as a gateway service like this to protect the
backend web service from attacks, unwanted accesses, also to reduce the
bandwidth and request load the backend faces. When operating in reverse
proxy mode it can handle traffic from both internal and external clients
or users and control access to the private service.

Amos
Received on Sat Jun 29 2013 - 04:49:33 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 29 2013 - 12:00:17 MDT