Follow

Distil as a Reverse Proxy

As a reverse proxy, the Distil instance is deployed inline between your load balancer and origin server pool. It has unaltered access to HTTP requests sent to the server pool so as to carry out active, real-time inspection. The Distil instance also has access to origin server responses so as to carry out HTTP stream injection, e.g., honey pot link insertion and JavaScript injection.

In this scenario, load balancers are configured to send traffic to Distil, which then sends traffic back to a different VIP on the load balancer. This presents a few challenges, such as needing to configure routing rules on the load balancer. This scenario also doubles the requests and throughput on the load balancer.

The timeline for implementing Distil as a reverse proxy depends on your chosen deployment , since you might need to alter existing load balancer rules and/or IP configurations. Public Distil cloud deployments can deploy in a matter of hours, whereas private cloud deployments take a few days. On-premise deployments can be accomplished over the course of a few weeks.

Reverse_Proxy_Traffic_Flow.png  

1.  The client makes a request and it is received at the load balancer

2.  The load balancer evaluates the source address of the request and as it does not match the source address of either of the Distil appliances, proxies the request to the Distil appliances

3a.  Distil inspects the request, no threat response and no identification test is required, and proxies the request back to the load balancer, continue to step 4

3b.  Distil inspects the request, a threat response is required, and Distil returns a threat response page to the load balancer, and the load balancer returns that threat response to the client, and the client processes the CAPTCHA, Block, or Drop

3c.  Distil inspect the request, an identification test is required, and Distil returns an identification test page to the load balancer, and the load balancer returns that identification response to the client, and the client completes the identification test, then returns to step 1

4. The load balancer evaluates the source address of the request and as it does match the source address of one of the Distil appliances, proxies the request to the origin

5. The origin responds to the request, returning the content requested and sending it back to the load balancer

6. The load balancer returns the content to the Distil appliance

7. The Distil appliance returns the content to the load balancer, injecting the Distil Fingerprint Test and Distil Honeypot Link in responses which are text/html

8. The load balancer returns the content to the browser

How do I request Distil’s reverse proxy?

The reverse proxy deployment is available as an on-premise deployment, a private cloud deployment, or a public Distil cloud deployment. To request Distil’s reverse proxy deployment, simply get in touch with Distil. We will help plan and coordinate the best deployment for you.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments