Our company provides (on prem) a Windows IIS based web application for a client of ours. Through a security review, the client is now requiring:
- High availability setup with load balancer
- application proxy for TLS/TCP termination and packet inspection
- restricting Internal application’s direct access to internet through firewall with application/reverse proxy
The security team considers items 2 and 3 to be the same risk. In doing some research for possible remediation, HAProxy seems like it could help us, but we are not positive. How simple can this configuration be to implement? We want to satisfy the requirement while limiting the amount of changes to current infrastructure. Any advice on this is greatly appreciated, it’s outside our wheelhouse.