This wiki does not contain official documentation and is currently deprecated and read only. Please try reading the documentation on the Liferay Developer Network, the new site dedicated to Liferay documentation. DISCOVER Build your web site, collaborate with your colleagues, manage your content, and more. DEVELOP Build applications that run inside Liferay, extend the features provided out of the box with Liferay's APIs. DISTRIBUTE Let the world know about your app by publishing it in Liferay's marketplace. PARTICIPATE Become a part of Liferay's community, meet other Liferay users, and get involved in the open source project.

Wiki

The Proposals Wiki has been deprecated in favor of creating Feature Requests in JIRA. If you wish to propose a new idea for a feature, visit the Community Ideas Dashboard and read the Feature Requests Wiki page for more information about submitting your proposal.
« Back to FrontPage

Secure Access to Liferay through RProxyDMZ

Details Print

Table of Contents [-]

  1. Descriptions
    1. RProxy/DMZ
    2. Graphic
      1. Requirements/Objectives
        1. Discussion of Design/Implementation Approach
          1. Comments

            This page has been moved here from the Main wiki because it is, in fact a proposal.

            Descriptions#

            RProxy/DMZ#

            Putting a Liferay-Portal directly on the Internet gives attackers direct access to any vulnerabilities of the underlying platform (application, web server, libraries, operating system). However, to provide a useful service to Internet users, access to your portal-server is required. A packet filter firewall shields your portal-server from attacks on the network level. In addition a Protection Reverse Proxy protects the portal-server software on the level of the application protocol.

            Security is not the only reason why a ReverseProxy is useful. A ReververseProxy can be used as a common entry Point for different backend-systems (Integration-Proxy) and/or as a FrontDoor for sigle sign on and access control.

            Graphic #

            This shows a RProxy with a 1:1 URL-Mapping. You could do very complicated URL-Mappings too, but for security- and performance-reason its always a good idea to keep RProxy configs it as simple as possible.

            Requirements/Objectives#

            <discuss the requirements and objectives>

            Discussion of Design/Implementation Approach#

            <discuss the design/implementation approach>

            ToDo decription of solution using mod_jk

            ToDO decription of solution using pound

            Comments #

            This sort of functionality should be implemented in the caching portion of Liferay, IMHO. Allowing the installation of the Caching/Proxy server on multiple machines, particularly if they can be geographically distributed (ala Akami) really goes a long way toward reaching for that N-tiered application.

            Lisa Simpson | Posted on 10/6/09 10:23 AM

            1 Attachment
            24565 Views
            Average (0 Votes)
            The average rating is 0.0 stars out of 5.
            Comments