E-002 - Reverse Proxy Exposure Control Evidence
Objective
Verify that only intended services are exposed through the reverse proxy.
Context
This evidence validates:
- exposure control
- absence of unintended service exposure
- correct routing configuration
Evidence Description
Verification that:
- only expected ports are open
- backend services are not directly exposed
- reverse proxy routes are controlled
Data Source
- ss -tulpen
- netstat -tulpen
- external scan (nmap)
Collection Method
# Local listening ports
ss -tulpen
# External scan (from another machine)
nmap -p- <VPS-IP>
Expected Outcome
- Only intended ports (80/443/SSH) are exposed
- No direct access to internal services
- Reverse proxy is the single entry point
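As an added example (not part of this evidence template), a bash check that applies the Expected Outcome criteria to `ss -tulpen` output: any listener bound to a non-loopback address on a port other than 80/443/22 is reported as a candidate for direct service exposure. The `ss` sample below is constructed; on the real host pipe `ss -tulpen` into the function instead.

```bash
#!/usr/bin/env bash
# Added example: report listeners reachable on non-loopback addresses that are
# not on the allowlist of intended external ports (80, 443, 22 per Expected Outcome).

ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -tulpen` lines (header removed); field 5 is Local Address:Port.
SAMPLE_SS='tcp LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=101,fd=6))
tcp LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=101,fd=7))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=55,fd=3))
tcp LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:* users:(("node",pid=200,fd=12))
tcp LISTEN 0 4096 0.0.0.0:5432 0.0.0.0:* users:(("postgres",pid=300,fd=5))
tcp LISTEN 0 4096 [::]:8080 [::]:* users:(("java",pid=400,fd=9))'

# check_exposure <ss_output>: prints "port process" for each listener that is bound
# to a non-loopback address and whose port is not in ALLOWED_PORTS.
# Returns 1 when at least one such listener exists, 0 otherwise.
check_exposure() {
  local ss_output="$1" found=0 line addr port proc
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    set -- $line                       # split on whitespace: $5 = Local Address:Port
    addr=$5
    port=${addr##*:}                   # works for 0.0.0.0:80 and [::]:8080 alike
    case "$addr" in
      127.*|'[::1]:'*|'[::ffff:127.'*) continue ;;   # loopback-only: not exposed
    esac
    case " $ALLOWED_PORTS " in
      *" $port "*) continue ;;                        # intended external port
    esac
    proc=$(printf '%s\n' "$line" | sed -n 's/.*users:(("\([^"]*\)".*/\1/p')
    printf '%s %s\n' "$port" "${proc:-unknown}"
    found=1
  done <<<"$ss_output"
  return $found
}

# Stand-alone run against the constructed sample; on a real host use:
#   check_exposure "$(ss -tulpen | tail -n +2)"
check_exposure "$SAMPLE_SS" || echo "unexpected exposure found (see above)"
```

Pair the result with the external `nmap -p- <VPS-IP>` scan: a port that is listed here but not reachable from outside still needs a firewall rule to account for it.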
Evidence Data (To Fill)
[Scan results will go here]
Observations
- Unexpected open ports?
- Direct service exposure?
- Misconfigured routes?
Conclusion
[ ] Effective
[ ] Partially Effective
[ ] Ineffective
Notes
- Critical for R-001 mitigation
- Should be repeated after each config change