Firewall Wizards mailing list archives
RE:
From: "Stout, Bill" <StoutB () pios com>
Date: Tue, 16 Jun 1998 20:30:58 -0400
----- Original Message -----

Hello,

I'm looking for information on the best way to allow our web server to access an internal database. We are beginning an Internet commerce site. I've heard of several techniques:

1) The web server has wrapper/stub cgi programs that call cgi routines on a second external box that has permission to cross the firewall (a.k.a. a cgi reflector)

Why a second box? That will slow you down significantly. The server extensions should run on the webserver, which accesses an internal application server. You can either use a third interface on a firewall, or cascade firewalls and be completely proxied (http/https to internet, SQL to the inside).

Internet---FW-----Internal
            |
         Webfarm

For high-bandwidth situations (co-located), an alternative is to front-end the webfarm with a network accelerator/intelligent caching proxy (caches non-cgi URLs) which only passes http/https traffic, and connect that to the third interface which proxies or packet-filters SQL queries.

Internet----+---NA--Webfarm
            |        |
            +--------FW-------Internal

2) Move the web server inside and proxy it out to the Internet.

Bad idea.

3) Export database to external server and allow web server to hit that db.

Eats CPU on webserver, harder to maintain and keep Db current.

I know that many thousands of companies are doing commerce but I've been unable to find a best practices document or other such info.

They each think their network design is a competitive differentiator. ;)

Thanks in advance for any comments, info, or pointers to where I can find some info.

Oracle, Microsoft, Redbrick, Information Advantage, Netscape, Digital, IBM, Sun, Compaq, HP all have 'solutions' and will fall all over themselves for a commerce site sale. As long as you have money. Lots of raw data on the Internet. Beware of taking raw data as fact. ;)

Bill Stout

Rick
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

----- End Of Original Message -----
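
Added example, not part of the original post: a small default-deny policy model comparing the three-interface design from the reply with option 2 (web server on the internal LAN), measured by what a compromised web server could connect to. The endpoint names, the SQL port and the internal service inventory are constructed assumptions.

```python
from collections import namedtuple

# A rule permits src -> dst on the listed TCP ports; everything else is denied.
Rule = namedtuple("Rule", "src dst ports")

SQL_PORT = 1521  # assumed database listener port (the post names no port)

# Constructed inventory of services listening on the internal network.
INTERNAL_SERVICES = {("db", SQL_PORT), ("db", 22), ("fileserver", 139),
                     ("mail", 25), ("hr-app", 80)}

# Three-interface design: web farm on its own firewall leg,
# http/https from the Internet, SQL only towards the database.
THREE_LEG = [
    Rule("internet", "webfarm", {80, 443}),
    Rule("webfarm", "db", {SQL_PORT}),
]

# Option 2: web server sits on the internal LAN and is proxied out.
WEB_INSIDE = [
    Rule("internet", "webfarm", {80, 443}),
]

def allowed(rules, src, dst, port):
    """Default deny: a flow passes only if an explicit rule matches it."""
    return any(r.src == src and r.dst == dst and port in r.ports for r in rules)

def reach_from_web(rules, web_is_internal):
    """Internal services a compromised web server could open a connection to."""
    if web_is_internal:
        # Same segment as the internal hosts: the firewall never sees this traffic.
        return set(INTERNAL_SERVICES)
    return {(h, p) for h, p in INTERNAL_SERVICES if allowed(rules, "webfarm", h, p)}

def internet_reaches_internal(rules):
    """True if any rule lets the Internet talk directly to an internal service."""
    return any(allowed(rules, "internet", h, p) for h, p in INTERNAL_SERVICES)

if __name__ == "__main__":
    print("three-leg :", sorted(reach_from_web(THREE_LEG, web_is_internal=False)))
    print("web inside:", sorted(reach_from_web(WEB_INSIDE, web_is_internal=True)))
    print("internet -> internal:", internet_reaches_internal(THREE_LEG))
```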