Reverse Proxy Data Diode

Robert Gabriel ephemeric at
Sat Mar 16 20:38:07 UTC 2013

Hello all,

The below article

uses a fiber optic data diode along with Nginx as a reverse proxy.

The author states:

"TCP/IP client-server reverse proxies on either end of the data diode
can be setup to respond to
the hand shaking requests automatically without the need to actually
send any data back to
the insecure network. The client-server proxies solution should work
in most cases however,
through testing should be completed in a lab environment before
deploying a data diode
solution into an ICS."


"Step 5 – Configure your Reverse Proxy

Depending on the data you want to replicate you can either configure
an open source reverse
proxy like nginx (engine x) and use your database’s web services to
replicate the data.

Step 6 – Disconnect one of the fiber optic ST connectors

Once you have your two proxy servers configured and communicating to
each other you can
simply disconnect one of the two fiber ST connectors.  You will likely
need to spend time
properly configuring your reverse proxy servers to relay the
information correctly and you will
need to write some scripts in your database to perform the continuous
data replication."

He however does not provide any working configuration.

We would love to implement this and I greatly appreciate any help.

If someone can at least just point me in the right direction I would
be eternally grateful.

Thank you.

More information about the nginx mailing list