On Mon, 19 Jul 1999, Nick Urbanik wrote:
NU} Dear folks,
NU}
NU} We have a data server behind our Checkpoint 1 firewall, and a web server
NU} that runs many applications that access this data. The data is
NU} sensitive, and is encrypted.
NU}
NU} We want to publish this on the Internet. What is the best way to set
NU} things up? Should we use squid as a reverse proxy in the DMZ to access
NU} the web server on the inside network? Or should we use http-gw from TIS
NU} as a reverse proxy? Or should we run the web server in the DMZ? It
NU} seems this exposes our data server to some risks. I've grepped all
NU} Squid's documentation for "reverse" and came up with nothing helpful.
NU}
NU} Any pointers to any ideas would be most appreciated.
I use Apache running on a BSD/OS 4.0.1 system to proxy all web content on
Microsoft IIS systems behind a firewall. My requirements were undoubtedly
different as a secure communication (encrypted) path was only required
when traversing a public network. Also, i am required to authenticate all
external users before granting access.
Apache configured as a reverse proxy provides access to web servers (IIS,
Netscape, Apache, CERN, etc.) on the LAN behind the firewall. Squid
provides the "Web Client" side of the equation, allowing users on the LAN
to access Web sites on the Internet.
Merton Campbell Crockett
+---------------------------------------------------------------------------+
| Manager, Network Operations & Services | Senior Network/Security Engineer |
| GTE Government Systems Corporation | Naval Surface Warfare Center |
| Electronic Systems Division | Port Hueneme Division |
| Intelligence Systems Organization | IT/TIS Program |
| Thousand Oaks, CA | Port Hueneme, CA |
+---------------------------------------------------------------------------+
Received on Mon Jul 19 1999 - 07:20:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:27 MST