Firewall Wizards mailing list archives
Re: Passing information between an external client and an internal sever
From: Randy Witlicki <randy.witlicki () valley net>
Date: Sun, 21 Nov 1999 19:45:47 -0500
Kevin wrote:
Our web development team has come up with a plan for people to submit product request information to our mainframe and receive information back. ....<snip>... Client ----- Web Server | | Firewall ----- Middleware/web server ----- MF ....<snip>... I need to come up with a secure solution within a couple of weeks. Any suggestions?
Hi Kevin, Public web servers inside of a firewall are not something I am very comfortable with because any vulnerabilities (either from bad coding or configuration on your part or newly discovered security flaws in the web server platform in use) allows the exploiter of the vulnerability to do their thing inside of your security perimeter. A step you might consider is to have the web Client submit the form to the external web server and then have a cgi-bin application talk to the middleware application and then return the data to the client via the external web server: Client <--> WebServer <--> Firewall <--> Middleware/web (client sends web Form to external web cgi-bin program, external web makes the request to middleware, recieves middleware response and then resends it to client) Yes, this is more traffic and you have to write some cgi-bin code on the external web server, but you can then configure the firewall to only accept http connects from your external webserver to the middleware server. This prevents the evil hoards of hackers on the Internet from sending various probes to your middleware system. Hope this helps. - Randy -
Current thread:
- Passing information between an external client and an internal sever tyrrell (Nov 21)
- Re: Passing information between an external client and an internal server Bret Watson (Nov 22)
- Re: Passing information between an external client and an internal sever Randy Witlicki (Nov 22)
- Re: Passing information between an external client and an internal sever Saravana Ram (Nov 23)