The following document details the concerns involved with proxy setups and the reasons why we cannot support them within WiscWeb.
In This Document:
Proxy setups add exponential complexity to an environment. There are increases in maintenance, troubleshooting and every day operations. This list is not exhaustive, but these are the issues we have encountered thus far:
False Positives for Denial of Service Attacks
WordFence and Web Application Firewalls see a single IP address as an attacker and will deny requests if the traffic limit is exceeded within a certain amount of time. At that point, the website would cease to work and users would not be able to get to it. This would be considered a site “outage.” Additionally, this issue can inadvertently affect your access to your WiscWeb site due to these rate limiting settings.
False Positive Outages
If an outage occurs with the proxy service, it can appear as though the site is down due to an issue in WiscWeb. It can be time-consuming and challenging to pinpoint the true cause of these outages.
Additionally, there are concerns with the following:
- DNS-related concerns over these domains not resolving to WiscWeb
- Requires special configuration in order for things like analytics to work
- Security vulnerabilities and security scanning become immensely more complex because things are not all in the same place
- Our service has had collateral damage for security issues that are not even on our service. This requires us to dedicate valuable time and resources to troubleshooting.
WiscWeb is not currently taking requests for proxy setups for sites hosted within the multisite environment. This is to protect the stability of the multi-site service offering and to free up time for our technicians, as troubleshooting these requests is extremely time-consuming and risk-laden. Please seek alternative option for this need.
The only alternative option we can suggest at this time is a redirect approach. You could choose a new domain name in order to resolve directly to WiscWeb. Then just redirect proxy domain to the new domain.