Working at $big_company is not without its challenges, but the least of which should be network access, right? No, of course not. Installed “security appliances” (see the SSL MiTM post for more on that) on the network always limit access from within the corporate firewall out to the Iernet at large to protect from security vulurables. This is all great and fine, but that kind of protection always errs on blocking, so working with open source projects that are easy to install and run out in the real world become a nightmare when you’re inside the coporate firewall.
Note: The following testing and writeup occurred in the Fall of 2007 following months of research and conjecture. I repost it now because it was not originally posted publicly, and because the results are still a driving factor in how I architect systems for web production. This week I am implementing Varnish to enhance an image server’s ability to scale and serve images online.
A client’s new ‘enterprise’ content management system proves to be far too slow to serve the multiple dynamic web sites that it’s scheduled to handle, and a reverse proxy was recommended by the company that sells the CMS to remedy the issue.