My employer wholly embraces the coffee-shop model for employee access, which can induce a bit of stress if your job is to protect company resources.

Historically, we have had to support some applications that:

- Don’t support SAML (or whatever flavor of federation you prefer).
- Probably wouldn’t be exposed outside of the firewall/VPN at most companies because they were never designed to be Internet-facing.

We are an enterprise, but only had a small handful of these ‘naughty’ systems. It wasn’t super cost-effective to jump into a 1500+ employee seat contract with Duo (now Cisco), Cloudflare Access, or ScaleFT Zero Trust Web Access just to solve this particular problem across a small number of hosts. Yet, employees were frustrated that most day-to-day operations did not require jumping on a corporate VPN until you had to reach one of these magical systems.

I designed a SAML-aware reverse-proxy using a combination of Apache 2.4, mod_auth_mellon, and a sprinkling of ModSecurity to add some rate limiting capabilities.
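One way the SAML-aware reverse proxy this post describes can be wired together in Apache 2.4, as an added example and not the author's actual configuration. The hostname, backend address, file paths, rule IDs, the `X-Remote-User` header and the 120-request threshold are all assumptions.

```apache
# Added example: every hostname, path, rule ID and threshold here is assumed.
# Persistent collections (the per-IP counter below) need a writable data dir.
SecDataDir /var/lib/mod_security

<VirtualHost *:443>
    ServerName legacy.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/legacy.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/legacy.example.com.key

    # --- ModSecurity: simple per-client-IP rate limit ---
    SecRuleEngine On
    # Load (or create) the counter collection keyed on the client address.
    SecAction "id:100000,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"
    # Reject once the counter is over the threshold.
    SecRule IP:REQS "@gt 120" \
        "id:100001,phase:1,deny,status:429,log,msg:'Per-IP rate limit exceeded'"
    # Count the request; the counter is cleared 60 s after the last counted one.
    SecAction "id:100002,phase:1,pass,nolog,setvar:ip.reqs=+1,expirevar:ip.reqs=60"

    # --- mod_auth_mellon: require a SAML session for everything ---
    <Location />
        AuthType Mellon
        MellonEnable "auth"
        Require valid-user
        MellonEndpointPath /mellon
        MellonSPPrivateKeyFile /etc/httpd/saml/sp.key
        MellonSPCertFile       /etc/httpd/saml/sp.crt
        MellonSPMetadataFile   /etc/httpd/saml/sp-metadata.xml
        MellonIdPMetadataFile  /etc/httpd/saml/idp-metadata.xml
        MellonSecureCookie On
        MellonUser "NAME_ID"
    </Location>

    # Never let a client-supplied identity header reach the backend;
    # set it only from the authenticated SAML session.
    RequestHeader unset X-Remote-User
    RequestHeader set X-Remote-User "%{MELLON_NAME_ID}e" env=MELLON_NAME_ID

    # --- Reverse proxy to the legacy application ---
    ProxyPass /mellon !
    ProxyPass        / http://10.0.0.10:8080/
    ProxyPassReverse / http://10.0.0.10:8080/
</VirtualHost>
```

The backend should accept connections only from the proxy host; otherwise anything that can reach it directly bypasses both the SAML check and the rate limit.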