Re: New one: Securing an HTTP server

[Ben <ben () edelweb fr>]

> SSL encryption will be used, however we need to pull the documents off a
> "server" inside
> our corporate network. 
>
> I'd like recommendations on the "best way" to serve these files without
> exposing the inside
> server.

Why not use a second DMZ in which the data files on the web server are 
mounted over NFS read only?  You can have something packet filtering 
limiting everything else going between the two machines as well as 
putting an NFR on the line and have it reset the packet filter to block 
EVERYTHING if you ever see anything but NFS go through.

Ben.
____
Ben Samman.................................................ben () edelweb fr
Paris, France                      Illudium Q36 Explosive Space Modulator
He's not a newbie.  He's got a catchy .sig.  What more can a boy ask for?