C-001 - Reverse Proxy Exposure Control
Objective
Ensure that only intended services are exposed to the Internet and that routing rules do not allow unintended access to internal services.
Type
Preventive
Scope
- VPS-01 (Reverse Proxy)
- Public exposure flows (Internet → Services)
Implementation
- Strict routing rules based on domain/host
- No direct backend exposure
- TLS enforced
- Default deny behavior
Related Risks
Validation
- Manual review of routing configuration
- External exposure testing (port scan / HTTP probing)
Status
Active
Owner
Ops