waf before revers proxy

Hello,
should i take the reverse proxy before the waf or behind it ?
i didn't use the waf as reverse proxy.
thanks.
Amin El-ZeinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
Assuming that the reverse proxy also is responsible for for decrypting SSL links the WAF should be behind the reverse proxy.
A WAF should be able to act on all data in the stream, which is hard to do on encrypted links.
Reverse proxies are mostly not meant to be used as caches like the "straight" proxies, they are used to distribute the work (Load balance, failover handling ..)
0
Amin El-ZeinAuthor Commented:
so the default gateway for web server will be the waf device right ?
thanks.
0
nociSoftware EngineerCommented:
Ow that depends on network layout.....
If the WAF+Reverse proxy are in a DMZ no....

Default gateway belongs to the network toplogy.... for this chain to work people enter the system from outside, and meet the reverse proxy,
the reverse proxy handles the connection, decrypts SSL,  and dispatches to some backend, in your case the ipaddress of the WAF, the WAF on its turn should connect validated request through to a webserver (farm?).... and when the connection is established there will be an automatic flow back for valid connections.  
All those transaction take place on Level 7 in the OSI stack  [ application layer ].

Default Gateway is associated with IP routing which is Level 3 in the OSI Stack. [ Routing Layer ].
So if your WAF is ALSO an IP router then the default gateway can point there.  But it is a function of being an IP router.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.