Hi,
I am running an Apache 2.2.3 web server which is located in the
firewall's DMZ. Our web server communicates with several Tomcat nodes
located within the firewall's internal network via mod_jk 1.2.20. I
have successfully configured SSL on our Apache server and would like to
begin accepting credit card payments. I understand that the
communication from the client's browser to the Apache web server will be
encrypted, but the communication from the server to the Tomcat nodes
through mod_jk will not. My understanding of a DMZ leads me to believe
that this should be safe. Am I correct in believing that for someone to
read the unencrypted communication from the Apache server to the Tomcat
nodes, one would have to gain access to the DMZ's network, or the
internal network? The firewall allows only HTTP and HTTPS into the DMZ
and nothing is allowed into the internal network except a connection
from the DMZ on a specific port to the Tomcat nodes. I am slightly
worried that there is an easy way for someone to monitor the DMZ's
traffic that I am missing. I have considered using a stunnel from
Apache to Tomcat but would prefer to avoid this if possible. The server
has also passed a HackerGuardian Scan.
Any advice on my setup would be appreciated, or any notes on other
possible vulnerabilities.
Thank you
AFrieze
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.