Microsoft Web Application Proxy (WAP) is a Windows Server role that provides reverse proxy functionality, enabling organizations to securely publish internal web applications for external access. Integrated with Active Directory Federation Services (AD FS), WAP ensures that users authenticate before accessing backend applications, so internal servers are not exposed directly to the internet.
Key Features and Functionality:
- Pre-authentication: Integrates with AD FS to authenticate users before they access backend applications.
- SSL/TLS Termination: Manages SSL certificates and encryption for secure external access.
- Pass-through Authentication: Supports Kerberos constrained delegation for seamless backend authentication.
- HTTP to HTTPS Redirection: Automatically redirects insecure traffic to secure connections.
- Backend Server Pool Support: Load balances across multiple backend servers for high availability.
Primary Value and Problem Solved:
WAP addresses the challenge of providing secure remote access to internal web applications without exposing them directly to external threats. By acting as an intermediary, it ensures that only authenticated users can access sensitive resources, which protects internal infrastructure from attack. This setup is particularly beneficial for organizations that want to offer remote access to applications like SharePoint, Exchange, and custom web services while maintaining stringent security protocols.