CiviProxy - Security proxy for CiviCRM

Does your CiviCRM server contain confidential data on your organsiation and your constituents? Couldn't this data be used against you, to scam your donors or simply undermine your constituents' trust in you?CiviCRM ist not an unsafe system, but exposing the whole server with all its components to the internet yields a lot of attack vectors - for targeted attacks and scripted mass-exploits alike.

CiviProxy aims at minimising this exposure.

How does it work

The basic idea is to first put your CiviCRM server into a VPN. This makes the server virtually inaccessible from the internet, and your users or your whole office will access it via a secure connection.

But what about your public web pages, donation pages, data exchange with other systems? This is where CiviProxy comes in: You get a small, secure, extra server and give it access to both, the internet and your VPN. It will act as a safe gateway for selected features of your CiviCRM that you would like to expose.

What can it do?

Currently CiviProxy can expose/relay the following CiviCRM functions

  1. Serve resources for newsletters and mailings
  2. Cache those ressources, taking load off your CiviCRM server
  3. Pass-through of tracking data on opening and click-through rates
  4. Sign-on and off of your newsletter (Webpage templates)
  5. Relay of whitelisted REST API calls for data exchange with other systems
  6. Perform input sanitation and parameter whitelisting for the REST API calls

DISCLAIMER: This software has not (yet) been audited for security.

Weiter Links:

Github Project