Firewall Wizards mailing list archives

Re: Passing information between an external client and an internal server


From: Randy Witlicki <randy.witlicki () valley net>
Date: Sun, 21 Nov 1999 19:45:47 -0500

   Kevin wrote:
Our web development team has come up with a plan for people to submit
product request information to our mainframe and receive information back.

....<snip>...

   Client  -----  Web Server
     |
     |
  Firewall -----  Middleware/web server ----- MF

....<snip>...
I need to come up with a secure solution within a couple of weeks. Any
suggestions?

  Hi Kevin,

  Public web servers inside of a firewall are not something I am very
comfortable with because any vulnerabilities (either from bad coding
or configuration on your part or newly discovered security flaws in
the web server platform in use) allow the exploiter of the
vulnerability to do their thing inside of your security perimeter.

  A step you might consider is to have the web Client submit the form
to the external web server and then have a cgi-bin application talk to
the middleware application and then return the data to the client via
the external web server:
    Client <-->  WebServer <--> Firewall <-->  Middleware/web
   (client sends web Form to external web cgi-bin program, external web
makes the request to middleware, receives middleware response and
then resends it to client)
  Yes, this is more traffic and you have to write some cgi-bin code
on the external web server, but you can then configure the firewall
to only accept http connects from your external webserver to the
middleware server. This prevents the evil hordes of hackers on the
Internet from sending various probes to your middleware system.

  Hope this helps.

  - Randy
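
The relay arrangement described in the message above, as an added example that is not part of Randy's post or any code from the thread: the logic a cgi-bin program on the external web server could use to validate the form, forward it to one fixed middleware endpoint, and pass back a bounded reply. The middleware URL, the field names and their patterns are assumptions made for illustration.

```python
import re
import urllib.parse
import urllib.request

# Assumed value: the single internal endpoint the firewall lets this host reach.
MIDDLEWARE_URL = "http://middleware.internal.example/request"
# Assumed form fields, each with a strict pattern; any other field is dropped.
ALLOWED_FIELDS = {
    "product_id": re.compile(r"[A-Z0-9]{1,12}"),
    "quantity": re.compile(r"[0-9]{1,4}"),
}
MAX_REPLY = 64 * 1024  # cap on how much middleware output is passed back


def validate(form):
    """Return only the expected fields from a dict of strings, or raise ValueError."""
    clean = {}
    for name, pattern in ALLOWED_FIELDS.items():
        value = form.get(name, "")
        if not pattern.fullmatch(value):
            raise ValueError("bad or missing field: " + name)
        clean[name] = value
    return clean


def http_post(url, body):
    """Default transport: one POST to the middleware with a short timeout."""
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read(MAX_REPLY + 1)


def relay(form, send=http_post):
    """Validate the client's form, forward it, and return (status, body)."""
    try:
        clean = validate(form)
    except ValueError:
        return 400, b"invalid request"
    body = urllib.parse.urlencode(clean).encode("ascii")
    try:
        reply = send(MIDDLEWARE_URL, body)  # destination is never client-supplied
    except OSError:
        return 502, b"upstream unavailable"
    if len(reply) > MAX_REPLY:
        return 502, b"upstream reply too large"
    return 200, reply
```

The `send` parameter exists so the relay can be exercised without a live middleware host; in deployment the default transport is used and the firewall rule remains the control that keeps other sources away from the middleware.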