I have to agree with Paul here.  It is a very bad idea to open 
that hole into the internal network.  Go with the suggestion to 
replicate the data on the server in the DMZ.  It's a much safer 
way to operate.

Apache has many options in its setup.  One could run a second 
web server on port 8000 that has its own configuration files, 
and its own directory tree of web pages.  It is also possible 
to set up Apache to serve up requests on the 8000 port to a 
different set of pages than those requested on port 80.


Paul D. Robertson wrote:
> 
> On Mon, 15 Nov 1999, Jiang Yi wrote:
> 
> > We have installed a firewall between our internal network and the
> > Internet. And we have 2 WWW servers (OS are both Solaris). One
> > server is on the DMZ, and one is on the internal network.
> >
> > Of course people can access the information on the DMZ WWW server.
> > Now we want people on the Internet also can access some information
> > on the internal WWW server. We open a special port(8000) on the
> 
> This is generally a *very bad idea*.  Opening up an internal WWW server
> to Internet access means that you're opening your network to potential
> compromise if the internal server contains any bugs or poorly-written CGI
> programs.
> 
> > DMZ WWW server, and when people access this port, the DMZ WWW server
> > should redirect the request to 80 port of the internal WWW server.
> >
> > But I do not know how to do it on solaris with Apache Server, I wish
> > someone can help us. If you can send me the source code of redirecting
> > port, it is the best!
> 
> Apache is capable of getting requests from another server and mapping
> them to the local server (no special port needed though you could run a
> separate instance).  Look at the ProxyPass and ProxyRemote directives.  Once
> again, this is still a very bad idea.  It's better to replicate the content to
> the external server via a one-way secure mechanism than to allow untrusted
> hosts access to the internal network.
> 

-- 
|  Bryan Andersen   |   [EMAIL PROTECTED]   |   http://softail.visi.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
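
The port-8000 arrangement suggested in the reply above, written out as an added example that is not part of the original thread. It assumes Apache 2.4 syntax; the hostnames and directory paths are placeholders, and the replicated pages are assumed to be pushed to the DMZ host from the inside.

```apache
# Added example: one Apache instance on the DMZ host, two ports, two page trees.
# Apache 2.4 syntax assumed; all names and paths below are placeholders.
Listen 80
Listen 8000

# Existing public site on port 80.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/public"

    <Directory "/var/www/public">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# Port 8000 serves a local copy of the selected internal pages.
# The copy is pushed to this directory from the internal host, so the
# DMZ server never needs to open a connection into the internal network.
<VirtualHost *:8000>
    ServerName www.example.com
    DocumentRoot "/var/www/replica"

    <Directory "/var/www/replica">
        # Static files only: no CGI, no includes, no directory listings,
        # no per-directory overrides.
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # The setup the thread advises against, shown for contrast and left
    # disabled: it forwards Internet requests to the internal server and
    # needs a firewall rule from the DMZ to internal port 80.
    # ProxyPass        "/" "http://intranet.example.internal/"
    # ProxyPassReverse "/" "http://intranet.example.internal/"
</VirtualHost>
```

With this layout the firewall rule set needs no DMZ-to-internal HTTP rule at all; `apachectl configtest` checks the syntax before a reload.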