I hear that ModSecurity can be run in reverse-proxy mode. How does that differ from embedded mode?
The only difference between this deployment and an embedded one is that Apache itself is configured to function as a reverse proxy.

Advantages:
- Single point of access – functions as a choke point, so you can apply security settings in one place, which makes management easier.
- Network topology is hidden from the outside world – so it is more difficult for attackers to enumerate your web platforms.
- Increased performance – if SSL accelerators/caching are used.
- You can implement vulnerability filters to protect any vulnerable web server or application on the backend (IIS, Netscape, ASP, PHP, etc.). See the related section on Virtual Patching.

Disadvantages:
- A potential traffic bottleneck if the reverse proxy cannot handle the network load.
- A potential point of failure – if the reverse proxy goes down, it may cause a denial of service to the web applications behind it.
- Requires changes to the network.
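A sketch of the reverse-proxy deployment described above, with one virtual-patch rule for a backend application. This is an added example, not configuration from the ModSecurity project; the hostname, backend address, URL path, parameter name and rule id are constructed placeholders, and it assumes Apache 2.4 with mod_proxy, mod_proxy_http and ModSecurity 2.x (mod_security2) already loaded.

```apache
# Assumption: mod_proxy, mod_proxy_http and mod_security2 are loaded elsewhere
# (LoadModule lines vary by distribution and are omitted here).
<VirtualHost *:80>
    # Constructed public name for the proxied site.
    ServerName www.example.com

    # Act as a reverse proxy only; never as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Constructed backend address: the protected server (IIS, PHP, ...) is
    # reachable only from the proxy, which hides the internal topology.
    ProxyPass        "/" "http://10.0.0.10:8080/"
    ProxyPassReverse "/" "http://10.0.0.10:8080/"

    <IfModule security2_module>
        # Same engine settings as an embedded deployment; the only change
        # is that requests are forwarded instead of served locally.
        SecRuleEngine On
        SecRequestBodyAccess On

        # Virtual patch (hypothetical): the backend script /app/report.php
        # expects a numeric "id" parameter. Reject anything else at the
        # proxy so the request never reaches the backend.
        SecRule REQUEST_FILENAME "@streq /app/report.php" \
            "id:100001,phase:2,t:none,deny,status:403,log,\
            msg:'Virtual patch: non-numeric id parameter',chain"
            SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none"
    </IfModule>
</VirtualHost>
```

Because the proxy is now the single point of failure noted above, test rule changes with `SecRuleEngine DetectionOnly` before switching to `On`.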