17 Feb
Attack surface of a reverse proxy secured with mTLS?
Suppose that I have a reverse proxy such as Caddy or Traefik that requires a client certificate to authenticate via mTLS, globally across the reverse proxy.
What is the attack surface for services behind this proxy exposed publicly?
The handshake fails right from the beginning if the client doesn’t have a valid certificate. The attacker won’t even see the services. It seems similar to SSL VPN.
I assume the attacker is outside.
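The behaviour the question describes can be checked directly. The following is an added example, not part of the original post: a Go harness that starts a TLS listener requiring a verified client certificate and counts how many times the handler behind it actually runs. Assumptions: Go's `httptest` server stands in for Caddy or Traefik, a pinned self-signed certificate stands in for the proxy's client CA, and the names `mint`, `probe` and `demo` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// mint returns a throwaway self-signed certificate and key (constructed test data, valid one hour).
func mint(cn string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// probe forces the client to present cert (zero value: present none), even when the server's
// acceptable-CA list does not name its issuer, and reports whether the backend answered.
func probe(srv *httptest.Server, cert tls.Certificate) bool {
	tr := srv.Client().Transport.(*http.Transport).Clone()
	tr.TLSClientConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &cert, nil }
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL)
	return err == nil && resp.Body.Close() == nil && resp.StatusCode == http.StatusOK
}

// demo runs three clients against the mTLS listener and returns each result plus the backend hit count.
func demo() (noCert, stranger, pinned bool, hits int32) {
	client := mint("proxy-client")
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
		atomic.AddInt32(&hits, 1) // backend code: runs only after client-certificate verification
	}))
	pool := x509.NewCertPool()
	pool.AddCert(client.Leaf) // the only trust anchor the listener accepts
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	return probe(srv, tls.Certificate{}), probe(srv, mint("stranger")), probe(srv, client), atomic.LoadInt32(&hits)
}

func main() { fmt.Println(demo()) }
```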