Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protection of pia-back #358

Open
scottbisker opened this issue Jun 7, 2019 · 0 comments
Open

Protection of pia-back #358

scottbisker opened this issue Jun 7, 2019 · 0 comments
Assignees
@LaboCNIL
Labels
FEATURE REQUEST IN REVIEW (CNIL)

Comments

@scottbisker
Copy link

It would be nice from an OPSEC standpoint to have the pia front-end service communicate directly with the back-end without utilizing the web browser client. Currently, when configuring the remote server, the web browser communicates directly with the pia-back instance.

From an OPSEC standpoint, it makes it difficult to secure the pia-back instance. If the communication was done between pia and pia-back within a single machine or between 2 machines within the same network, protections could be put in place to prevent communication directly with the back-end server. Additionally, a reverse proxy could be configured to communicate only with the Front-End components of PIA.

As it is now, Firewall rules need to permit access to both PIA and PIA-BACK ports.

This is very similar to setting up an NGINX or HAPROXY instances that servers HTTPS traffic and then forwarding that traffic to an origin host.
@kevin-atnos kevin-atnos changed the title [FEATURE REQUEST] Protection of pia-back Protection of pia-back Feb 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LaboCNIL LaboCNIL

Labels
FEATURE REQUEST IN REVIEW (CNIL)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@brunto @LaboCNIL @kevin-atnos @scottbisker