Cloudmersive Private Cloud Reverse Proxy Server allows you to apply policies to HTTP traffic with no code changes to your web application. Policies include key security policy outcomes such as virus scanning for file uploads
In general, the Cloudmersive Private Cloud Reverse Proxy Server should be installed on its own infrastructure, and connects to your underlying target application server, and also connects to Cloudmersive Private Cloud Virus Scan API.
Each Cloudmersive Private Cloud Reverse Proxy Server can be configured to host (proxy) multiple underlying sites, each with different URLs/domain names.
To configure Cloudmersive Private Cloud Reverse Proxy Server, navigate to the Cloudmersive Management Portal. Click on Private Cloud, and then click on your Reverse Proxy node. From here, click on Configure Node. Scroll to the bottom of the page and click on Add Site. Give the site a descriptive name, and click on Add Site to create the site. You can add multiple Sites to each server node. To edit an existing site, or the site you just created, you can click on Manage.
To delete a site, click on Manage Site and then click on Delete Site and confirm the deletion operation. Note that deletion operations cannot be undone.
Configuring Endpoints is optional if you only plan to host a single Site; if you do not configure Endpoints, all traffic will be routed to the Site. To configure routing to the server, you will want to setup the endpoints. Note that you will also need to configure Host Bindings. Configuring Endpoints will configure which traffic is associated with a given Site, and which traffic should be routed to the underlying target servers.
To configure Endpoints, you can click on Add Endpoint, and then select the endpoint protocol, domain name (optional), and target port (optional).
When using HTTPS TLS encryption, using public certificates, or private certificates, this is done through Windows Server IIS using standard interfaces. First, connect to your server using Remote Desktop. Then, navigate to Start > Administrative Tools > Internet Information Services (IIS) Manager. Click on the server on the left hand side, and then double-click on Server Certificates. Then click on Import... and then select the certificate file, typically in .pfx format, to import - entering the password if needed. Once imported, your certificate will be stored in the Trust Store and can be used in website host bindings.
Now, you can bind a certificate and host name to your server. Click on Sites > Default Web Site. Then click on Bindings... and then click on Add... to add a host binding. You should add a host binding for each host name / protocol / certificate (if applicable) combination. So for example, if you wish to bind to both https://myserver.com and http://myserver.com, you will want to add two bindings.
To add an HTTPS host binding, click on Add... then select Type and choose https. Under Host name, specify the fully-qualified host name, such as myserver.com or www.myserver.com. Under SSL certificate, select a previously-imported certificate (see above).
To add an HTTP host binding, click on Add... then select Type and choose http. Under Host name, specify the fully-qualified host name, such as myserver.com or www.myserver.com.
To protect traffic passing through yhour Reverse Proxy Server, you can apply Policies onto your server. Policies will process the traffic passing through your server, and can allow or block traffic passing through. Key policies available include:
Apply this policy to automatically Virus Scan any file uploads to your Site through multipart/form-data (default content type for form-based file uploads) using Cloudmersive Private Cloud Virus Scanning API, and block the request from passing to the Target server if the request contains a virus-laden file upload.
You can further configure the Virus Scan Policy. You can set a URL Match Regular Expression to limit the policy to only URLs that match the specified URL regular expression. You can also set a URL for a page to show the user if a virus is found. You can also specify a URL for an error page to show the user if there is an error (e.g. all target servers are down).
Apply this policy to automatically scan base-64 encoded binary file data in JSON requests. This is useful for API-based applications, in which the file data may be base-64 encoded.
You can further configure the Virus Scan Policy. You can set a URL Match Regular Expression to limit the policy to only URLs that match the specified URL regular expression. You can also set a URL for a page to show the user if a virus is found. You can also specify a URL for an error page to show the user if there is an error (e.g. all target servers are down). You can also configure specific JSON fields to virus scan by specifing a JSON Path; if not specified, all base-64 encoded fields will be virus scanned.
Configure a Rate Limit Policy to automatically block client IP addresses that exceed the defined rate limit.
Configure the rate limit value, as well as the unit of time (per Second, or per Minute) to apply the rate limit windowing policy.
This policy will allow you to block access from any IP addresses listed on the blocklist.
This policy will allow you to block access from any IP addresses NOT listed on the allowlist (typically only used for internal services/APIs).
This policy will allow you to block XSS scripting attack requests.
Configuring at least one target server is required. The target server is the underlying server(s) that will server your application. You can add multiple targets, and the Cloudmersive Reverse Proxy Server will load balance traffic across all of the targets.
When specifying the target, you can specify a name, target URL (you can use HTTPS or HTTP transport - be sure the specify the protocl) and also the target port number.
Configuring at least one API key is required for Policies that use the underlying API, such as virus scanning and XSS protection.
Configure your API key as well as, optionally, the fully-qualified URL to your Private Cloud Server (recommended), or leverage Cloudmersive Managed Instances or Cloudmersive Public Cloud.
If you speicify multiple API keys, the Reverse Proxy Server will load balance across the API keys for that site.