
Now it’s time to turn our attention to proxy attacks. Before we delve into proxy attacks and prevention methods, let’s clarify the difference between a reverse proxy and a forward proxy.

Reverse Proxy: A reverse proxy is usually placed between a client and a web server. It receives the initial HTTP connection requests, acting like the actual endpoint (the web server). The reverse proxy serves as a gateway between users and the application web server.

Forward Proxy: A forward proxy also usually sits between a client and a web server. Unlike a reverse proxy, it regulates outbound traffic according to preset policies. In addition, it disguises a client’s IP address and blocks malicious traffic.

For this article, we are going to look at how attackers can attack a reverse proxy and how developers and application security engineers can make it difficult for attackers to achieve their malicious aims. The following are common types of attacks against a reverse proxy:

  • Cache Poisoning
  • HTTP Response Splitting
  • Cross-User Defacement

Let’s briefly examine how cache poisoning works.

Cache Poisoning: Cache poisoning is possible because web content is cached.

Caching web content improves performance on both the server side and the client side (i.e. the user side). However, the HTTP protocol used in the caching mechanism performs integrity checks on the server side only. This specific flaw allows cache poisoning.

  • Attackers search for and exploit flaws in the code, allowing them to place illegitimate headers in the HTTP header field.
  • Attackers delete legitimate cached content from the cache server.
  • The attacker sends a specially crafted request to the cache server.
  • Users requesting commonly retrieved content receive malicious content until the cache entry is flushed.
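
The sequence above can be reproduced in a small simulation, which also shows one proxy-side hardening. This is an added example, not code from the original article: the `origin` function, the `CachingProxy` class, the use of `X-Forwarded-Host` as the illegitimate header and the `example.test` host names are all assumptions made for illustration.

```python
# Added example: toy model of a caching reverse proxy. All names are hypothetical.
DEFAULT_HOST = "www.example.test"  # constructed sample value


def origin(path, headers):
    """Assumed origin behaviour: builds a script URL from a client-supplied header."""
    host = headers.get("X-Forwarded-Host", DEFAULT_HOST)
    return f'<script src="https://{host}/static/app.js"></script>'


class CachingProxy:
    """allowed=None forwards every client header (weak); a set is an allow-list."""

    def __init__(self, allowed=None):
        self.cache = {}
        self.allowed = allowed

    def handle(self, path, headers):
        if self.allowed is None:
            # Weak: headers reach the origin but are not part of the cache key.
            key = path
        else:
            # Hardened: drop unexpected headers, key on everything still forwarded.
            headers = {k: v for k, v in headers.items() if k.lower() in self.allowed}
            key = (path, tuple(sorted(headers.items())))
        if key not in self.cache:
            self.cache[key] = origin(path, headers)
        return self.cache[key]

    def flush(self):
        self.cache.clear()


def simulate(proxy):
    """Return what an ordinary user gets after a request carrying an injected header."""
    crafted = {"X-Forwarded-Host": "injected.example.test"}  # constructed sample value
    proxy.handle("/", crafted)    # this response is stored in the cache
    return proxy.handle("/", {})  # later request with no special headers


if __name__ == "__main__":
    weak = CachingProxy()
    print("weak:    ", simulate(weak))
    weak.flush()
    print("flushed: ", weak.handle("/", {}))
    print("hardened:", simulate(CachingProxy(allowed={"accept-language"})))
```

In the weak configuration the second user receives the response built from the first request's header until `flush()` is called; with the allow-list, the header never reaches the origin and the cached entry stays clean.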

Preventing Cache Poisoning:

  • Make use of DNSSEC: DNS Security Extensions (DNSSEC) are a set of Internet Engineering Task Force standards created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats.
  • Limit the number of recursive queries to the DNS.

#ISA_informs

#ISA_ltd