The Proposals Wiki has been deprecated in favor of creating Feature Requests in JIRA. If you wish to propose a new idea for a feature, visit the Community Ideas Dashboard and read the Feature Requests Wiki page for more information about submitting your proposal.
« FrontPage に戻る

Secure Access to Liferay through RProxyDMZ

This page has been moved here from the Main wiki because it is, in fact a proposal.



Putting a Liferay-Portal directly on the Internet gives attackers direct access to any vulnerabilities of the underlying platform (application, web server, libraries, operating system). However, to provide a useful service to Internet users, access to your portal-server is required. A packet filter firewall shields your portal-server from attacks on the network level. In addition a Protection Reverse Proxy protects the portal-server software on the level of the application protocol.

Security is not the only reason why a ReverseProxy is useful. A ReververseProxy can be used as a common entry Point for different backend-systems (Integration-Proxy) and/or as a FrontDoor for sigle sign on and access control.

Graphic #

This shows a RProxy with a 1:1 URL-Mapping. You could do very complicated URL-Mappings too, but for security- and performance-reason its always a good idea to keep RProxy configs it as simple as possible.


<discuss the requirements and objectives>

Discussion of Design/Implementation Approach#

<discuss the design/implementation approach>

ToDo decription of solution using mod_jk

ToDO decription of solution using pound

Comments #

This sort of functionality should be implemented in the caching portion of Liferay, IMHO. Allowing the installation of the Caching/Proxy server on multiple machines, particularly if they can be geographically distributed (ala Akami) really goes a long way toward reaching for that N-tiered application.

Lisa Simpson | Posted on 10/6/09 10:23 AM

1 画像の固定
22381 参照数
平均 (0 投票)