Is authentication mandatory when setting up a reverse proxy?

linux authentication reverse-proxy tomcat

Solution 1:

I think there is no general guideline on that topic. I have set up multiple reverse proxies in different areas and sometimes used authentication and sometimes not, heavily depending on the actual use case.

From your question

My web application server which runs linux tomcat stack, has all the mandatory security and firewall infrastructure and can authenticate its own requests.

i would deduce that authentication in your proxy would not make a lot of sense when your server is already doing that. Including authentication in your reverse proxy makes sense when you want to create a secure connection between a client and otherwise unsecure server. When your server already is secure, i do not see any reason to add another layer of security.

I have never deployed a reverse proxy before and i was wondering if it is mandatory from a security perspective

It is definitely not mandatory. It is of course good practice to secure resources which would otherwise be totally open. So, of your server is already 'secure' and authenticating requests, i would not add another authentication instance.

Related

strongswan no start embedder linux
WSL and maven wrapper?
Dedup.sys 0x7E after inplace upgrade Server 2016 => 19
Does nginx free allows multiple proxy_cache_valid?
When does "zpool scrub" delete files automatically?
PowerDNS subdomain delegation, no answers
Postgresql is not running. It's active but exited
Minikube mount datadir at minikube start
ML380 G6 P410i RAID controller not detected [closed]
Are names of groups of users better as singular or plural? [closed]
What is the difference between findById() and existsById() in Spring Data 2.0?
vscode live-server extension v5.6.1 fails to resolve 'axios' JavaScript import