Firewall Wizards mailing list archives
Re: Firewall to protect web server
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 24 Apr 2000 14:31:33 -0400 (EDT)
On Fri, 21 Apr 2000, Jim Ide wrote:
Hello -
[SNIP]
1. The apache web server (and other web servers) can be configured to allow/deny access based on the ip addresses and domain names of incoming requests. Firewalls can also be configured to do this. Should I use apache, firewall, or both, to block incoming http requests? Advantages / disadvantages / considerations to these approaches?
Use all that you can, it's better to not rely on one system and or point of failure. Hell, add tcpd into the mix just to be safe. maybe even xinetd...
2. I have purchased the Netmax firewall ( www.netmax.com <http://www.netmax.com> ) and have installed it successfully. Has anyone had experience with this product? Good / bad?
No, sorry, I have not, others I'm sure will have <smile>.
3. Has anyone had experience with a using the linux ipchains script builder at linux-firewall-tools.com ? Good / bad?
Your defaults are going to be set to deny, and since your allows are going to be minimal and tight, I think hand tuning is going to do best for you and also avoid some of the messy mis-signals tools like chains/ipfw script builders can open up on you. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Firewall to protect web server Jim Ide (Apr 24)
- Re: Firewall to protect web server woody weaver (Apr 26)
- Re: Firewall to protect web server R. DuFresne (Apr 26)