Firewall Wizards mailing list archives

Re: Access to the Web server, which is behind the firewall


From: Jason Prondak <jprondak () dbna com>
Date: Thu, 19 Nov 1998 15:32:48 -0500

But don't you think that the notion of reverse proxying is a little
insecure?

You are in turn allowing machines that have a higher potential to be
compromised to live inside your secure network. If someone can hack into
those servers, your entire internal network can be fruit for the
picking. Could web site replication via, say, rsync using ssh be an
option? All you have to do is replicate the web sites from the internal
machines out to some servers on the DMZ.

If you can honestly guarantee that those web servers, cgi scripts and such
are not vulnerable, then go for it.


            --jason



Eduardo.Martin () icex es wrote:

Hi,

I have some Web servers, which are on the same computer, but have some
virtual hostnames. This computer is behind the firewall.
I would like users from the Internet to access these Web servers, but I
don't want to open direct access to this computer.

Does anybody know of any software I can install on the bastion host that
will work as a 'pipe' to the internal Web server?

What you're talking about is a reverse-proxy. Two options I know: Squid
running in accelerator mode and Netscape Proxy Server in reverse-proxy
mode (or secure reverse-proxy mode if HTTPS is needed).

Hope this helps.
Eduardo.


