Distil can be deployed in two ways. They are:
- Layer 7 reverse proxy
- Layer 2 bridge, a.k.a., transparent proxy
NOTE: Distil can only deploy as a Layer 2 (transparent proxy) with the on-premise Distil appliance.
In this scenario, load balancers are configured to send traffic to Distil, which then sends traffic back to a different VIP on the load balancer. This presents a few challenges, such as needing to configure routing rules on the load balancer. This scenario also doubles the requests and throughput on the load balancer.
The timeline for implementing Distil as a reverse proxy depends on your chosen deployment , since you might need to alter existing load balancer rules and/or IP configurations. Public Distil cloud deployments can deploy in a matter of hours, whereas private cloud deployments take a few days. On-premise deployments can be accomplished over the course of a few weeks.
1. The client makes a request and it is received at the load balancer
2. The load balancer evaluates the source address of the request and as it does not match the source address of either of the Distil appliances, proxies the request to the Distil appliances
3a. Distil inspects the request, no threat response and no identification test is required, and proxies the request back to the load balancer, continue to step 4
3b. Distil inspects the request, a threat response is required, and Distil returns a threat response page to the load balancer, and the load balancer returns that threat response to the client, and the client processes the CAPTCHA, Block, or Drop
3c. Distil inspect the request, an identification test is required, and Distil returns an identification test page to the load balancer, and the load balancer returns that identification response to the client, and the client completes the identification test, then returns to step 1
4. The load balancer evaluates the source address of the request and as it does match the source address of one of the Distil appliances, proxies the request to the origin
5. The origin responds to the request, returning the content requested and sending it back to the load balancer
6. The load balancer returns the content to the Distil appliance
7. The Distil appliance returns the content to the load balancer, injecting the Distil Fingerprint Test and Distil Honeypot Link in responses which are text/html
8. The load balancer returns the content to the browser
How do I request Distil’s reverse proxy?
The reverse proxy deployment is available as an on-premise deployment, a private cloud deployment, or a public Distil cloud deployment. To request Distil’s reverse proxy deployment, simply get in touch with Distil. We will help plan and coordinate the best deployment for you.