Technical Articles

Review Cloudmersive's technical library.

How to Protect File Uploads against Viruses and Malware
2/6/2023 - Brian O'Neill


caution on keyboard

Why is file security so important, and what is the risk in failing to secure file uploads?

There’s a lot at stake when external files are uploaded to our websites. Poorly vetted files containing viruses and malware can lay dormant in storage for indefinite periods of time before executing attacks from within, compromising our systems and stealing or corrupting invaluable data.

Once our systems are exploited, the resulting damage can range from catastrophic to completely irreparable, resulting in a major blow to our bottom line and to our credibility as a secure and reliable business. Even worse, our website patrons can be directly affected by our security failure when they unwittingly download infected files made available through our servers. All told, it’s essential that we take numerous steps to protect our systems from hidden file threats.

What are the steps an online business should take to protect their systems against malicious file uploads?

There are a variety of ways we can actively protect our systems against malicious file uploads. To begin with the most obvious solution, deploying a virus scanning service is essential. From a high-level security architecture point of view, there are many ways to do this; for example, such services are often incorporated into a reverse proxy or ICAP server to take advantage of the strategic bottleneck (receiving each incoming server-bound HTTP message) each option occupies.

New files originating from a client-side visitor should be thoroughly vetted through our Virus Scanning service for viruses and malware, and certain file types (such as executables and password-protected files) should trigger alarm bells even when they don’t overtly contain virus or malware signatures.

Further, after files are thoroughly vetted through these initial policies, they should be scanned regularly in storage (especially cloud storage). Taking this extra step adds an important layer of redundancy to our security architecture, smoking out malicious files which may have snuck into storage from a typically trustworthy source.

In addition to the above, checking the IP addresses of certain client-side users attempting file uploads can sometimes help identify whether a malicious file upload is imminent. Files originating from known cybercriminal IP address should never be trusted, and files originating from generally suspicious IP addresses (such as bot clients or Tor servers) should receive an additional layer of scrutiny. This layer of security can also help protect against various network security threats.

Finally, once our file security solutions are in place, they need to be regularly updated and reviewed. There’s no such thing as a static security solution; cybercriminals are constantly at work developing new ways to advance and disguise their threats, so our security policies need to mirror those efforts as threats take on new forms.

How does the Cloudmersive Virus Scanning API protect files uploads?

The Cloudmersive Virus Scanning API offers 360-degree content protection, referencing a continuously updated list of more than 17 million virus and malware signatures to find threats hidden within file uploads. Advanced Virus Scanning API features can be customized to allow or block various inherently dangerous file types such as executables, invalid files, scripts, password protected files and much more. This API boasts high-speed, in-memory scanning and delivers a sub-second average response time.

The Virus Scanning API can be custom integrated within your systems, and it can also be leveraged as the underlying service in a Virus Scanning Reverse Proxy server or Virus Scanning ICAP server. Further, in product form (Cloudmersive Storage Protect), this API can be deployed in conjunction with Azure Blob, AWS S3, SharePoint Online and GCP to scan files in cloud storage.

For more information on the Cloudmersive Virus Scanning API and its various applications, please contact our sales team.



What is a Virus Scanning ICAP Server?
1/19/2023 - Brian O'Neill


light blue servers

What is ICAP?

ICAP (Internet Content Adaptation Protocol) is a lightweight, transparent internet protocol capable of modifying HTTP messages. ICAP was initially proposed at the turn of the millennium as the need for scalable internet services became increasingly apparent. Global internet traffic was growing exponentially, and ICAP presented an efficient way of reducing the burden on monolithic servers to process high volumes of HTTP messages on their own.

How are ICAP Servers used?

ICAP servers are typically used to extend the services of proxy servers. They do so by performing specific content adaptation services on HTTP messages as they flow through a network. In this case, “content adaptation services” refers to many important, value-add operations such as virus scanning, language translation, ad insertion, content filtering, and more.

In effect, ICAP servers lighten the load experienced by proxy servers on a high-traffic network. A company can deploy an ICAP server to access its proxy server caches and perform its adjacent value-add services seamlessly.

What is a Virus Scanning ICAP Server, and What are its Advantages?

A virus scanning ICAP server is one which is deployed specifically to scan HTTP message contents for viruses (and other forms of malicious content) as those messages flow through a network.

Leveraging ICAP for virus scanning purposes is highly advantageous for several reasons, and it’s an extremely common practice as a result. These servers fit naturally into network chokepoints, which are ideal positions for any security policy. At the same time, they also increase the efficiency of high-traffic networks by reducing the need for proxy servers (which typically perform several different tasks at once) to scan each HTTP message for viruses by themselves. Their relative ease of deployment and maintenance makes them a particularly cost-effective security policy as well.

What is the Cloudmersive Virus Scanning ICAP Server?

The Cloudmersive Virus Scanning ICAP Server performs its value-add service by calling the Cloudmersive Virus Scanning API as HTTP messages pass through your network. The Virus Scanning API offers distinct security advantages, including continuously updated signatures for millions of threats and advanced, high-performance scanning capabilities. In addition, the Virus Scanning API provides customizable content security policies, allowing you to block or allow content including executables, invalid files, scripts, password-protected files, and more.

For more information on the Cloudmersive Virus Scanning ICAP server, please contact our sales team.



What is a Reverse Proxy Server
1/6/2023 - Brian O'Neill


servers

What is a Proxy Server?

Before we dive into a closer look at reverse proxy servers, we should first understand proxy servers from a birds-eye view. In short, the purpose of any proxy server is to act as an intermediary between client-side users browsing the internet and the various external web servers they request information from. It’s in the name: the word “proxy” refers to any entity which has been given the power to act on another entity’s behalf. There are two major categories of proxy servers: forward and reverse.

What is the Difference between Forward and Reverse Proxy Servers?

Both forward and reverse proxy servers are extremely useful, and they perform very different functions in practice. While forward proxies work on behalf of client-side users, acting as a buffer between them and the various web resources they request information from, reverse proxies behave in the exact opposite way, acting as a buffer between a particular web server (or group of web servers) and the inbound client-side requests they receive. In practice, forward proxies typically protect client-side user identities while they browse the internet from a particular network, and they can also provide a means for restricting access to specified web servers.

What is a Reverse Proxy Server, and How does it Benefit a Backend Server (or Group of Backend Servers?)

At a basic level, a reverse proxy server funnels client-side requests towards the backend web servers they seek resources from. Once those requests are satisfied, the reverse proxy server receives responses back from the web server and subsequently returns those responses to the client-side user.

The excellent strategic positioning occupied by a reverse proxy server allows it to benefit backend web servers in a variety of useful ways. For example, reverse proxy servers are generally used to load balance inbound requests across their group of assigned web servers, ensuring no one server is ever overloaded. This is accomplished using one of several load balancing algorithms, such as a Round Robin algorithm, which balances requests to a group of servers in a specific order (one request per server). In addition, reverse proxy servers are often asked to carry out important functions such as terminating SSL connections, decrypting incoming requests, and temporarily caching frequently requested content for convenience. Functions such as these effectively help lighten the burden for backend web servers when they experience high volumes of requests.

Perhaps most beneficially of all, reverse proxy servers can be leveraged to deploy basic and advanced security policies which greatly help to protect the backend web servers they support. On the simplest end of that spectrum, they can be configured to process authentication details for various types of information – such as personal account details – only redirecting client requests to the backend server(s) when valid authentication details are supplied. On the more complex end, they can be configured to scan incoming client-side data for viruses and screen out various forms of otherwise untrustworthy content (such as macros and executables), acting as a first line of defense against a wide variety of potentially dangerous external requests.

Cloudmersive Virus Scanning Reverse Proxy Server

The Cloudmersive Virus Scanning Reverse Proxy Server represents a multidimensional reverse proxy security solution, calling the Cloudmersive Virus Scanning API into action when inbound requests are funneled through the reverse proxy stage. This API placement protects backend web servers from malicious traffic - such as virus and malware uploads - before that traffic has a chance to reach its intended destination.

The Cloudmersive Virus Scanning API has access to a growing list of more than 17 million virus and malware signatures, and various custom settings can be configured to either block or allow myriad dangerous forms of content, such as scripts, executables, invalid files, and more. For more information, please feel free to check out our product page, or make an inquiry to one of our sales representatives.



What is a Forward Proxy?
12/27/2022 - Cloudmersive Technical Writing Team


A forward proxy is a type of proxy server that acts as an intermediary between a client and a server. It is called a "forward" proxy because it forwards client requests to the appropriate server on behalf of the client.

Forward proxies are often used in corporate networks to enforce Internet usage policies, block unwanted websites, and provide additional security. They can also be used to improve Internet performance by caching frequently requested content, such as popular videos or images.

Forward proxies can be configured in a number of ways. They can be configured to allow all client requests to pass through, or they can be configured to block certain types of requests based on criteria such as the destination website or the client's IP address. They can also be configured to encrypt client requests for added security.



800 free API calls/month, with no expiration

Get started now! or Sign in with Google

Questions? We'll be your guide.

Contact Sales