add Proxy in front

[Pierre-Gronau-ndaal]

add Proxy in front with e.g., HAProxy with Mod Security this will increase security from a defense of depth perspective

[Eugeny]

Do you mean in the Docker image? Could you add some information on the advantages of having Oxy in the front?

[Pierre-Gronau-ndaal]

at the end both, primerly in the container imge

advantages for proxy - here https://www.rswebsols.com/tutorials/technology/proxy-server-advantages-disadvantages for Oxy

• fully Rust implementation
• tiny overhead comparing to nginx, apache, HAProxy
• and maybe we can protect sql targets against sql injection before we reach out to the target: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html using the core rule set https://github.com/coreruleset/coreruleset

[Pierre-Gronau-ndaal]

Oxy is not released so far therefore another proxy as proposal

[Eugeny]

Sorry for the delay - but still, how does Oxy fit into Warpgate image? WG itself is already an HTTP proxy/multiplexer, and heuristical threat detection is something that everyone needs to decide for themselves, we can't just start blocking requests that look suspicious.