Firewall Wizards mailing list archives
Re: New one: Securing an HTTP server
From: cschieke () advsys com (Chad Schieken)
Date: Thu, 3 Sep 1998 11:34:47 -0400 (EDT)
If I were you I might do something like this: User---> Netscape Proxy (in "reverse" mode) ----> Cisco Pix --->Router---> corporate http server The netscape proxy supports a feature that will allow the proxy to act like it's the corporate webserver ( but under a different name). So this is preferable to using an outside webserver, 'cuase this means mgmt is kept to a minimum. For performance make use of the netscape proxy cache (on fast disks, striped). For added security you could use SSL at anypoint: User --ssl--> proxy ---ssl----> corporate http user --ssl--> proxy ---http---> corporate http User --http-> proxy ---ssl----> corporate http Make sure the Cisco PIX is doing NAT (no reason to expose internal network routing information. ) also not sure what you mean by "private networlk"? The link from the ISP to your company? later... chad
From: Firewalls <Firewalls () exchange ware net> To: firewall-wizards () nfr net Subject: New one: Securing an HTTP server Date: Wed, 2 Sep 1998 11:29:08 -0700 Turns out the ftp is out and HTTP is in. Basically we want to server confidential documents to end user internet customers. SSL encryption will be used, however we need to pull the documents off a "server" inside our corporate network. I'd like recommendations on the "best way" to serve these files without exposing the inside server. Here's a simple drawing of what we are considering: User ----> Public HTTP Server (colocation provider)----> Private Network ---> Cisco PIX ---> Corporate HTTP Server Specifically I'm looking for recommendations on the proxy code for the public server, Unix or NT is acceptable. TIA,
Current thread:
- New one: Securing an HTTP server Firewalls (Sep 03)
- Re: New one: Securing an HTTP server Ben (Sep 03)
- Re: New one: Securing an HTTP server Chad Schieken (Sep 03)