Your opinion about a corporate proxy server to reach the magazine's website from everywhere

Mauro Tridici mauro.tridici at cmcc.it
Mon Mar 13 07:06:00 UTC 2023 

Thank you Michael for your help and for the link.

Kind Regards,
Mauro


> On 12 Mar 2023, at 22:56, Saint Michael <venefax at gmail.com> wrote:
> 
> Performance is poor at best.
> Please check an identical arrangement at 
> https://1eye.us <https://1eye.us/>
> And if the magazine uses Cloudflare, your proxy will be blocked.
> I haven't been able to defeat Cloudflare. 
> 
> 
> On Sun, Mar 12, 2023 at 5:05 PM Payam Chychi <pchychi at gmail.com <mailto:pchychi at gmail.com>> wrote:
> Can’t comment on what’s best for your company.
> 
> If you plan to do what you described, sounds like a reasonable plan, though many others exist.
> 
> You can do this using nginx + vouch to hook into an idp like Okta, and introduce an identity layer into your connection to secure authentication and authorization up.
> 
> Ldap over internet is a horrible idea.
> 
> Good luck,
> Payam
> 
> On Sun, Mar 12, 2023 at 12:43 PM Mauro Tridici <mauro.tridici at cmcc.it <mailto:mauro.tridici at cmcc.it>> wrote:
> 
> Dear users,
> 
> I am a newbie and would like to know your opinion about a request I received at work.
> 
> I will try to describe the problem.
> The company at which I work has several locations located within the same country. The company has subscribed to an online magazine that can be accessed after providing the public IP with which the various locations face the public network.
> 
> Instead of providing the various public IP addresses related to each of the different locations, my boss proposed to set up a proxy server at the main work location and ask all users in the company to use that proxy to reach the magazine's site.
> In this way, even company users working from home can reach the magazine's website.
> 
> Following are some questions:
> 
> - In your opinion, is this a suggested or recommended solution? 
> - if such a solution falls within best practices, could you point me to some links where examples of configurations are given?
> - from the point of view of network security, it doesn't seem to me to be very secure and I think that, for each of the users, we should create credentials for access to the proxy server (e.g. through an integration with the LDAP server), what do you think?
> 
> I thank you in advance,
> Mauro 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org <mailto:nginx at nginx.org>
> https://mailman.nginx.org/mailman/listinfo/nginx <https://mailman.nginx.org/mailman/listinfo/nginx>
> -- 
> Payam Tarverdyan Chychi
> _______________________________________________
> nginx mailing list
> nginx at nginx.org <mailto:nginx at nginx.org>
> https://mailman.nginx.org/mailman/listinfo/nginx <https://mailman.nginx.org/mailman/listinfo/nginx>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230313/3c61d033/attachment.htm>

More information about the nginx mailing list