We’re currently working on upgrading a small information system for an enterprise. Currently, the system has a corporate network zone (CORP) where services for internal users are placed, and a data center network segment (DC) where a data access service and all databases reside. All applications are essentially deployed in web servers and communication between them is done over HTTPS.

We need to install a new network zone, the DMZ, where a few externally-available services will be placed. During our meetings, we’ve come across an issue which might be of importance.

Data requests arriving from the internet arrive at DMZ Data Access service. DMZ Data Access forwards the request to CORP External Request Handler (which is essentially a proxy that authenticates the request is coming from DMZ Service 1) which then forwards the request to the DC Data Access service.

The problem comes when you add access control checks. Due to the way the previous system is set-up, users, roles, and permissions can be retrieved only through the DC Data Access service. This means that if we build interceptors which check user permissions in DMZ Data Access, the flow of data will include:

User -> DMZ Data Access (permission check) -> CORP External Request Handler -> DC Data Access (permission ok) -> CORP External Request Handler -> DMZ Data Access (permission granted, request data) -> CORP External Request Handler -> DC Data Access -> CORP External Request Handler -> DMZ Data Access -> User

We might be able to move the access control checks to the DC Data Access layer in order to simplify the flow a bit, but we’re still not sure what impact on the performance this would have, nor any idea how susceptible this is to a DDoS attack.

However, we’re not sure if this is the correct approach. Is there any standard way to deal with this issue, should we merge our access control and data access checks into a single request, or are we simply doing premature optimization?

One thing to note is that we can’t rely on active directory or some other authorization provider, as we need to integrate into the existing infrastructure.

✓ Extra quality

ExtraProxies brings the best proxy quality for you with our private and reliable proxies

✓ Extra anonymity

✓ Elite

✓ Anonymous

Buy now

USA proxy location

We offer premium quality USA private proxies – the most essential proxies you can ever want from USA

100% anonymous

Our proxies have TOP level of anonymity + Elite quality, so you are always safe and secure with your proxies

Unlimited bandwidth

Use your proxies as much as you want – we have no limits for data transfer and bandwidth, unlimited usage!

Superfast speed

Superb fast proxy servers with 1,000 mb/s speed – sit back and enjoy your lightning fast private proxies!

99,9% servers uptime

Alive and working proxies all the time – we are taking care of our servers so you can use them without any problems

No usage restrictions

You have freedom to use your proxies with every software, browser or website you want without restrictions

Perfect for SEO

We are 100% friendly with all SEO tasks as well as internet marketing – feel the power with our proxies

Big discounts

Buy more proxies and get better price – we offer various proxy packages with great deals and discounts

Premium support

We are working 24/7 to bring the best proxy experience for you – we are glad to help and assist you!

✓ Extra quality

✓ Extra anonymity

✓ Extra speed

50 proxies

$19/month

100 proxies

$29/month

200 proxies

$49/month

500 proxies

$109/month

1,000 proxies

$179/month

2,000 proxies

$299/month

USA proxy location

100% anonymous

Unlimited bandwidth

Superfast speed

99,9% servers uptime

No usage restrictions

Perfect for SEO

Big discounts

Premium support

Satisfaction guarantee

Best Proxy Packs

Quick Links

Like And Follow Us