Configuration in a pseudo reverse mode

Discuss and get help to configure CacheGuard to protect Web servers

Re: Configuration in a pseudo reverse mode

Post by rmansell »

Hi David,
The CacheGuard is not cabled in yet. Our expectation is that on the inside of the network, we would have a private address in the 10.2.0.0/23 network and on the outside, pointing to the router, we would have a public IP address. We need a recommendation as to which one we call "internal" and which one we call "external" since this is not clearly a forward or reverse proxy.
The pre-authentication splash screen contains standard URL references using FQDNs. These resolve into a potentially large number of seemingly random IP addresses. The firewall will only accept IP addresses, port numbers and protocol numbers - it will not accept FQDNs in its configuration. It is a captive firewall in the WLAN controller and we cannot change thatge the FQDNs in the splash screens to a fixed IP address which would point to the inside port on the proxy. This IP address would also be in the firewall whitelist. The proxy would translate the IP address in the URL to the FQDN form in order to retrieve the content and relay it back to the client such that it appears to be coming from the inside IP address of the proxy.
The ID would be in whatever certificate is used by the content provider - we are not providing the certificate - self-signed or otherwise.
We wanted to understand the capabilities before we implement.

Re: Configuration in a pseudo reverse mode

Post by david »

Dear RMansell

When you say:
"These resolve into a potentially large number of seemingly random IP addresses."
Question 1: Are those random IPs private or public? If they are private, to which subnet do they belong (10.2.0.0/23)?

Question 2: At the stage where a client gets the splash screen, what is the IP configuration on the client machine? And especially, what is the configured DNS on that machine (by the client DHCP)?

When you say:
"...such that it appears to be coming from the inside IP address of the proxy..."
Question 3: Do you mean that the client at that stage will see in his browser a URL having the form "https://10.2.xxx.yyy/..." but the content of that URL (the displayed page in the browser) is provided by the CDN?

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com

Re: Configuration in a pseudo reverse mode

Post by david »

Dear RMansell

You have not posted a reply for a long time. If you think that CacheGuard doesn't meet your particular needs, we can close this topic. What do you think?

I also want to further clarify for our readers that with CacheGuard in its present version (NG 1.1.2):
  - Backend servers communicate with CacheGuard using HTTP only (and not HTTPS).
  - Backend servers should be known in advance and identifiable by their IP addresses.
FYI, we may enhance some features if we identify a clear and common enough need that merits our attention.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com