Re: Firewall to protect web server

["R. DuFresne" <dufresne () sysinfo com>]

On Fri, 21 Apr 2000, Jim Ide wrote:

> Hello -

        [SNIP]

> 1.    The apache web server (and other web servers) can be configured to
> allow/deny access based on the ip addresses and domain names of incoming
> requests.  Firewalls can also be configured to do this.  Should I use
> apache, firewall, or both, to block incoming http requests?  Advantages /
> disadvantages / considerations to these approaches?

Use all that you can, it's better to not rely on one system and or point
of failure.  Hell, add tcpd into the mix just to be safe.  maybe even
xinetd...

> 2.    I have purchased the Netmax firewall ( www.netmax.com
> <http://www.netmax.com>  ) and have installed it successfully.  Has anyone
> had experience with this product?  Good / bad?

No, sorry, I have not, others I'm sure will have <smile>.

> 3.    Has anyone had experience with a using the linux ipchains script
> builder at linux-firewall-tools.com ?  Good / bad?

Your defaults are going to be set to deny, and since your allows are going
to be minimal and tight, I think hand tuning is going to do best for you
and also avoid some of the messy mis-signals tools like chains/ipfw script
builders can open up on you.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!