Placement Between Firewall and Web Servers

WebApp Secure acts as a reverse proxy and actively manipulates traffic between the protected web application and the Internet. It is deployed between the protected webserver and the last system which can alter user-facing traffic. This location gives WebApp Secure full visibility into the HTTP traffic destined for the webservers (including any errors caused by authentication failures), and lets it inject and strip out any code it uses in protecting the application. This topology has the added benefit of minimally impacting internal network bandwidth. The following figure shows the WebApp Secure deployed in its most simple form as a reverse proxy connected to a load balancer.

Figure 2: WebApp Secure Placement in the Network - Between Firewall and Web Servers

WebApp Secure Placement in the Network - Between Firewall
and Web Servers

Network placement requirements for WebApp Secure are as follows:

The actual implementation depends on the user's specific network topology. The following figure shows a more complex environment with clustered webservers and clustered appliances.

Figure 3: WebApp Secure Deployment - Connected to Load Balancer

 WebApp Secure Deployment - Connected to Load Balancer