Is NAT can provide some kind of protection?

William Herrin bill at
Thu Jan 13 12:14:27 CST 2011

On Thu, Jan 13, 2011 at 1:11 PM, Jack Bates <jbates at> wrote:
> On 1/13/2011 11:56 AM, William Herrin wrote:
>> So all the folks who use reverse proxies like an http accellerator are
>> wrong?
> They have their purpose. However, depending on the security rating of the
> accelerator versus the security rating of the backend server will depend on
> the negative or positive effect it has on overall security.
> 1) If backend server has low security rating and proxy also serves to
> protect backend server flaws, then the proxy has a positive security rating.
> 2) If backend server is similar or better security rating than the proxy,
> then the proxy server has a negative security rating, as it has introduced a
> second application in the channel which can possibly be exploited. ie, you
> have to worry about backend server security as well as the proxy security,
> and exploiting either can possibly compromise security for both.

That's what I think. I'm curious what Roland thinks.


William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list