AI-Powered Reverse Proxy: The Next Frontier in Cybersecurity for IT Professionals

"Before you ask, yes, it's open source."
At Truth on Tech, we've been actively experimenting with how artificial intelligence (AI) can change the way small to mid-sized businesses approach cybersecurity: not through generic automation, but by embedding intelligent decision-making into the network layer itself.
One of our most exciting projects is an AI-enabled reverse proxy system that complements traditional tools such as EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) platforms. This layered approach creates a more adaptive and responsive defence, tailored for infrastructure-conscious IT professionals.
🔐 Phase 1: AI-Powered Email Screening
The first phase introduces an AI assistant for triaging email threats. It works as follows:
All incoming email is also forwarded to a dedicated internal AI mailbox.
The AI (a LLaMA 3 7B model served locally via Ollama) parses each email, inspects the headers, compares the From: and Reply-To: domains, and checks links for anomalies such as unexpected foreign TLDs or suspicious payloads.
Emails that look dangerous or deceptive are forwarded, with an attached report, to the IT department's mailbox, where a human reviews them and decides what to do.
This phase is about intelligence and awareness, not blocking. SPF, DKIM and DMARC only verify that a message really came from the domain it claims to come from; a lookalike domain that passes all three is still a phish. The goal here is to cut the noise and surface those threats for human review.
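As an added illustration (this is not the Truth on Tech code), the script below performs the header and link checks described above deterministically, over a constructed sample message. The expected-TLD set and the credential-style path words are hypothetical tuning inputs, and Return-Path is compared alongside Reply-To because a bounce address on a different domain is a second common spoofing tell. In the real system the LLM forms this judgment; the value of a rule layer like this is that it can run first, so the model only sees the hard cases and the report carries concrete, checkable findings.

```python
"""Added example, not the project's code: Phase 1 header and link checks
run over a constructed sample message."""
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical policy inputs: TLDs the organisation normally corresponds with,
# and path words typical of credential-harvesting pages.
EXPECTED_TLDS = {"com", "org", "net"}
SUSPICIOUS_PATH_WORDS = ("login", "signin", "verify", "account", "password")

# Constructed sample message for the example; not a real capture.
SAMPLE = b"""\
From: "Payroll" <hr@example.com>
Reply-To: hr-desk@example-payroll.ru
Return-Path: <bounce@example-payroll.ru>
To: staff@example.com
Subject: Action required: confirm your account
Content-Type: text/plain; charset=utf-8

Your account will be suspended. Confirm here:
https://example-payroll.ru/account/verify
Our help pages: https://www.example.com/help
"""


def domain_of(header):
    """Lower-cased domain part of an address header ('' if absent)."""
    _, addr = parseaddr(header or "")
    return addr.rpartition("@")[2].lower()


def link_findings(url):
    """Checks applied to a single URL found in the body."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    out = []
    try:
        ipaddress.ip_address(host)          # a bare IP literal is itself a red flag
        out.append(f"{url}: link points at a bare IP address")
    except ValueError:
        tld = host.rsplit(".", 1)[-1]
        if tld not in EXPECTED_TLDS:
            out.append(f"{url}: unexpected TLD .{tld}")
    hits = [w for w in SUSPICIOUS_PATH_WORDS if w in parsed.path.lower()]
    if hits:
        out.append(f"{url}: credential-style path words {hits}")
    return out


def analyze(raw):
    """Run the header and link checks over one raw RFC 5322 message.

    Returns the findings plus a boolean verdict; the real system would attach
    this as the report forwarded to the IT mailbox.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_dom = domain_of(msg["From"])
    # Reply-To steers replies; Return-Path receives bounces. Either one on a
    # different domain from From: is worth a human look.
    for hdr in ("Reply-To", "Return-Path"):
        other = domain_of(msg[hdr])
        if other and other != from_dom:
            findings.append(f"{hdr} domain {other!r} differs from From domain {from_dom!r}")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        findings.extend(link_findings(url))

    return {"suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for line in analyze(SAMPLE)["findings"]:
        print("-", line)
```

Running it against the sample reports the Reply-To and Return-Path mismatches, the .ru link, and the /account/verify path; the legitimate help link produces nothing.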
🧱 Phase 2: AI-Enhanced Reverse Proxy for HTTP/S
Once Phase 1 is stable, we extend AI inspection to the network edge, using Caddy as the reverse proxy.
Caddy writes a structured (JSON) access log for each domain it serves.
An AI agent reviews these logs in near real time, looking for brute-force attempts, path scanning, abnormal request patterns, and suspicious user agents.
Based on its findings, it returns structured responses like:
```json
{
  "action": "blockip",
  "ip": "203.0.113.10",
  "reason": "Excessive failed login attempts"
}
```
The AI is never allowed to generate arbitrary firewall commands. Instead, we define a small set of safe, pre-approved functions (e.g., blockip(ip)), and the agent can only name one of them. That keeps a hallucinated or injected instruction from ever reaching a shell and makes the agent's behaviour predictable. The arguments still have to be validated before dispatch: the IP must parse as an address and must not be a loopback, internal, or management address, or a single bad proposal could lock administrators out.
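Added example, not the project's code: a rule-based stand-in for the log reviewer, run over constructed lines in the shape of Caddy's JSON access log, together with the allowlisted dispatcher that validates the structured response before anything is enforced. The thresholds, scanner signatures and never-block networks are hypothetical, and `block_ip` only records the decision rather than calling a firewall. The reviewer half shows what "brute force", "path scanning" and "suspicious user agent" look like in the log fields; the dispatcher half shows why naming a pre-approved function is not enough on its own, since the IP argument is still model output and is checked before use.

```python
"""Added example, not the project's code: log review plus an allowlisted
action dispatcher for the Phase 2 reverse proxy."""
import ipaddress
import json
from collections import defaultdict

# Detection thresholds and scanner signatures (hypothetical tuning values).
FAILED_LOGIN_THRESHOLD = 5
SCAN_404_THRESHOLD = 5
SCANNER_UAS = ("sqlmap", "nikto", "masscan", "zgrab", "nmap")

# Addresses the agent must never block: our own RFC 1918 space and loopback.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]


def _entry(ip, uri, status, ua="Mozilla/5.0"):
    """Build one constructed log line in the shape of Caddy's JSON access log."""
    return json.dumps({
        "level": "info", "msg": "handled request", "status": status,
        "request": {"remote_ip": ip, "method": "POST" if uri == "/login" else "GET",
                    "host": "app.example.com", "uri": uri,
                    "headers": {"User-Agent": [ua]}},
    })


# Constructed sample: a brute-forcer, a path scanner, a tool user agent, and a normal user.
SAMPLE_LOG = (
    [_entry("203.0.113.10", "/login", 401)] * 6
    + [_entry("203.0.113.10", "/login", 200)]
    + [_entry("198.51.100.7", p, 404)
       for p in ("/.env", "/wp-login.php", "/phpmyadmin/", "/.git/config", "/admin/")]
    + [_entry("198.51.100.8", "/", 200, ua="sqlmap/1.7")]
    + [_entry("192.0.2.44", "/", 200), _entry("192.0.2.44", "/login", 401)]
)


def review(lines):
    """Rule-based stand-in for the log reviewer. Returns proposed actions in the
    same structured schema the page shows the AI producing, one per offending IP."""
    failed = defaultdict(int)
    not_found = defaultdict(set)
    reasons = defaultdict(set)
    for line in lines:
        entry = json.loads(line)
        req = entry["request"]
        ip = req.get("client_ip") or req["remote_ip"]   # client_ip exists in newer Caddy
        uri, status = req["uri"], entry["status"]
        ua = " ".join(req.get("headers", {}).get("User-Agent", [])).lower()

        if uri == "/login" and status in (401, 403):
            failed[ip] += 1
            if failed[ip] >= FAILED_LOGIN_THRESHOLD:
                reasons[ip].add("Excessive failed login attempts")
        if status == 404:
            not_found[ip].add(uri)              # distinct paths, not raw count
            if len(not_found[ip]) >= SCAN_404_THRESHOLD:
                reasons[ip].add("Path scanning: many distinct 404s")
        for sig in SCANNER_UAS:
            if sig in ua:
                reasons[ip].add(f"Scanner user-agent ({sig})")
    return [{"action": "blockip", "ip": ip, "reason": "; ".join(sorted(r))}
            for ip, r in sorted(reasons.items())]


# ---- enforcement side: only pre-approved functions, only validated arguments ----
BLOCKED = set()


def block_ip(ip, reason):
    """Pre-approved function. A real deployment would call the firewall API here;
    this example only records the decision."""
    BLOCKED.add(ip)
    return f"blocked {ip}: {reason}"


ALLOWED_ACTIONS = {"blockip": block_ip}


def execute(action):
    """Validate a proposed action before dispatch. Anything outside the schema is
    reported back, never run; the model has no path to a shell from here."""
    if not isinstance(action, dict) or action.get("action") not in ALLOWED_ACTIONS:
        return {"ok": False, "error": f"action not in allowlist: {action!r}"}
    try:
        ip = ipaddress.ip_address(str(action.get("ip", "")))   # rejects anything but an IP literal
    except ValueError:
        return {"ok": False, "error": f"invalid ip: {action.get('ip')!r}"}
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified
            or any(ip in net for net in NEVER_BLOCK)):
        return {"ok": False, "error": f"refusing to block protected address {ip}"}
    reason = str(action.get("reason", ""))[:200]
    return {"ok": True, "result": ALLOWED_ACTIONS[action["action"]](str(ip), reason)}


if __name__ == "__main__":
    for proposal in review(SAMPLE_LOG):
        print(json.dumps(proposal), "->", execute(proposal))
    print(execute({"action": "run", "cmd": "iptables -F"}))
```

With the sample log, the three offending addresses are proposed for blocking while the user with a single failed login is not; a proposal naming an action outside the allowlist, a non-IP string where the IP should be, or an RFC 1918 address is returned as an error and never reaches `block_ip`.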
🔥 The Future Vision: An AI Reverse Proxy for All Ports
Caddy currently handles HTTP/S, but the goal is an AI reverse proxy that covers every exposed port. Logs and traffic patterns from any service (SSH, VoIP, etc.) will be passed to the AI, which can analyse intent, detect scanning, and respond using the same pre-approved actions, creating a self-defending infrastructure layer.
We're also exploring integration with:
Proxmox firewall APIs for host-level blocking
CrowdSec for reputationbacked threat intelligence
Fail2Ban as a secondary enforcement layer
Zero Trust overlays for verified access before exposure
🧠 Where AI Makes Sense for IT Professionals
Unlike the buzz around AI chatbots and marketing tools, IT professionals benefit most when AI is tactical and grounded. Here’s where it fits:
| Application | AI's Value |
| --- | --- |
| Email Threat Detection | Understands phishing patterns beyond SPF/DKIM |
| Log Analysis | Detects suspicious activity across services |
| Firewall Automation | Proposes safe blocks with context |
| Incident Correlation | Connects events across logs, endpoints, and traffic |
| SIEM & EDR Enhancements | Reduces false positives, provides human-friendly insights |
| Vulnerability Prioritization | Ranks threats based on exposure and likelihood |
| Infrastructure Self-Healing | Predicts failures and triggers remediation scripts |
🛠 Open-Source Focus
This project doesn't rely on closed platforms. We're integrating AI into open-source stacks such as:
Wazuh (SIEM)
Zeek/Suricata (network IDS)
OSSEC (log-based HIDS)
Postfix + Python (for mail inspection)
Proxmox (for dynamic firewall rules)
Caddy (reverse proxy with per-domain log hooks)
This keeps data on premises and under our control, and keeps costs down, which matters to independent IT pros and enterprise teams alike.
🎯 Final Thoughts
This isn't about replacing security tools; it's about making them smarter. Our AI-enabled reverse proxy approach complements existing firewalls, SIEMs, and EDR solutions by adding intelligence at the edge.
By letting the AI observe, learn, and act only within predefined rules, we reduce the burden on IT teams, prevent alert fatigue, and close response gaps before they become breaches.
If you're building your own AI security stack or want to learn from what we're doing, let's talk.