How to Get A Truly Secure HTTPS Proxy
WHY HTTPS OVER HTTP PROXIES IS NOT SECURE
The standard recommendation of using HTTPS over HTTP proxies to access protected services and websites is not truly a secure solution.
HTTPS via an HTTP proxy does not fully protect your traffic against malicious attacks along the whole path from one trusted endpoint to the other.
While the information between your application and the destination server is encrypted via HTTPS, the credentials between your application and the HTTP Proxy are exposed in the clear for anyone to capture and exploit.
QuotaGuard Shield provides users with a fully secure outbound HTTPS proxy. Much like a traditional HTTP Proxy, the QuotaGuard Shield HTTPS proxy can route HTTP and HTTPS traffic.
The key difference is that the connection between your application and the proxy is completed using HTTPS, securing your proxy credentials from prying eyes. Unlike other proxy services, QuotaGuard Shield secures the initial CONNECT request – which contains the proxy credentials.
WHAT IS EXPOSED WITH HTTPS OVER HTTP PROXIES
When executing an HTTPS connection via an HTTP Proxy, any bad actor can easily snoop your proxy requests and access seemingly safe information, including:
Your proxy username
Your proxy password
The destination server’s hostname
The destination server’s port
Now, anyone armed with this information can make forged requests through your “secure” HTTP Proxy. This type of half-enabled security leaves your server open to future malicious attacks and compromises the confidentiality and integrity of your traffic.
That’s why we made QuotaGuard Shield – to solve this exact problem for our customers who need end-to-end security for sensitive information, like PCI data, HIPAA medical information, and financial transaction data between two or more protected resources.
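The exposure listed above, shown as an added example (not QuotaGuard code): it builds the CONNECT request a client would send and reports which of the four fields are readable on the client-to-proxy hop for an http:// versus an https:// proxy URL. Basic proxy authentication, the host names, the port 9293 and the credentials are constructed assumptions.

```python
import base64
from urllib.parse import urlsplit, unquote


def build_connect(proxy_url, dest_host, dest_port):
    """Return the CONNECT request bytes a client sends to the proxy.

    Assumes Basic proxy authentication (base64 is an encoding, not encryption).
    """
    p = urlsplit(proxy_url)
    creds = f"{unquote(p.username or '')}:{unquote(p.password or '')}"
    token = base64.b64encode(creds.encode()).decode()
    return (f"CONNECT {dest_host}:{dest_port} HTTP/1.1\r\n"
            f"Host: {dest_host}:{dest_port}\r\n"
            f"Proxy-Authorization: Basic {token}\r\n\r\n").encode()


def visible_on_wire(proxy_url, dest_host, dest_port):
    """Return the listed fields readable on the client-to-proxy hop."""
    scheme = urlsplit(proxy_url).scheme.lower()
    if scheme == "https":
        return {}  # the CONNECT request travels inside TLS to the proxy
    if scheme != "http":
        raise ValueError(f"unsupported proxy scheme: {scheme!r}")
    # Plain HTTP proxy: parse the request exactly as it appears in cleartext.
    raw = build_connect(proxy_url, dest_host, dest_port).decode()
    request_line, *headers = raw.split("\r\n")
    _, target, _ = request_line.split(" ")
    host, _, port = target.rpartition(":")
    exposed = {"dest_host": host, "dest_port": int(port)}
    for header in headers:
        name, _, value = header.partition(":")
        value = value.strip()
        if name.lower() == "proxy-authorization" and value.lower().startswith("basic "):
            user, _, password = base64.b64decode(value[6:]).decode().partition(":")
            exposed.update(proxy_username=user, proxy_password=password)
    return exposed


if __name__ == "__main__":
    # Constructed sample values, not real endpoints or credentials.
    for url in ("http://appuser:s3cret@proxy.example.test:9293",
                "https://appuser:s3cret@proxy.example.test:9293"):
        print(urlsplit(url).scheme, visible_on_wire(url, "api.example.test", 443))
```

Running the same check over the proxy URLs in an application's configuration flags any that would send credentials to the proxy in cleartext.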
END-TO-END SECURITY WITH QUOTAGUARD SHIELD HTTPS PROXY
When paired with HTTPS requests to your destination, QuotaGuard Shield’s HTTPS proxy provides complete end-to-end security for your requests and your credentials.
To make a secure request, our HTTPS Proxy will, on receipt of a secure CONNECT request, open a tunnel between your client and the endpoint. This allows your client to negotiate a standard SSL session with that endpoint while also protecting the credentials used to establish that end-to-end connection.
Once negotiated, all traffic sent between your client and the endpoint will be encrypted, as if you had connected directly with them.
Neither the QuotaGuard team nor anyone else will have access to the information in your HTTPS requests or the credentials between your application and the HTTPS Proxy.
Over the past few days, Michael and Tim troubleshooted my QGTunnel connection. Though the problem ended up being on my side, they were careful, understanding, and empathetic.
They responded within 30 minutes of each email I sent, while I expected at least a couple of hours. Tim was even kind enough to go through my Heroku project to find potential bugs that could’ve caused my issue.
I’ll continue working with/recommending QuotaGuard to anyone using Heroku to connect to a DB with whitelisted IPs.
Tim S. – Data Scientist for IHeartJane.com