Design and Implementation of a Rewriting Forward Proxy

semester thesis - march 22, 2005 - david fuchs

The objective of this semester thesis is the design and implementation of a secure forward HTTP proxy for the ETHZs Information Security Laboratory. While providing basic internet access, the proxy protects external sites from malicious activities from within the lab's network, like SQL injections or HTTP header based hacking. The proxy solution presented in this document filters HTTP traffic more strictly than conventional web proxies enhanced with filtering rules do. The basic rule is that no unvalidated client-provided data is forwarded to external web resources. Access is only allowed to "known" URLs: requests are forwarded only if they are contained in a pre-loaded table of allowed web resources or were identified on previously requested html pages. Passing data via the HTTP GET or POST methods is only permitted for selected web resources, and the passed values are validated in a strict manner.

Keywords: forward web proxy, rewriting web proxy, internet security, information security

semester thesis report
semester thesis presentation slides
performance measurement results
javadoc documentation
download a copy of the proxy

Valid XHTML 1.0!