Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

http transfer from DMZ to intranet web server

From: stephane.dorion () hrdc-drhc gc ca
Date: Wed, 26 Jan 2000 10:24:21 -0500
----------------------------------------------------
Hi, we're trying to setup a 3-tiered architecture with a dmz but we're kinda 
stuck on our analysis because there's something 
we can't figure out. I'll explain... and please bear with me since I'm really 
new to that kind of technology and may be 
using wrongs terms or definitions.

Here's the path that we would like a web request to follow :
(Better seen with a fixed font)
                  |                                              |
[ -- INTERNET ---]|[---------------- D M Z 
---------------------]|[----------- INTRANET----------------]
[Browser] -http-->|[FIREWALL] -http-> [Web Server] --> [FIREWALL]| -https-> 
[Web Server] ---> [Database]
[Browser] <-http--|[FIREWALL] <-http- [Web Server] <-- [FIREWALL]| <-https- 
[Web Server] <--- [Database]
    HTML          |                       ASP                    
|              ASP
                  |                                              |

In this diagram, the Web Server in the DMZ is used as a "redirect" server, it 
will transfer the request to our
intranet web server,which will process the request, send it back to the DMZ 
WS, which will send it to the browser

Now, first of all, can someone tell me if anything is wrong with that ? If 
so... what ?

But my main question would be :
How can we establish a connection between our 2 web servers, is it secure to 
allow SSL in the firewall ? and more 
importantly, how can we use http to effectively transmit data between the 
servers, we have found a way of doing that but I
believe it's not a good way. That is using a ASPhttp object but what we have 
to do to transmit the data is the crappiest 
method I've ever seen in my whole life and I can't believe it's the only way 
(with a series of request.form and 
response.write)

I'm not sure I'm being clear, if anyone wants clarifications, I'll be glad to 
help you out as much as I can.

Thanks

Stephane Dorion


Merci
Bonne journée

Stéphane Dorion
Programmer-Analyst
HRI & Self-Services
Phone: (819) 997-3027
Fax: (819) 997-6562
stephane.dorion () hrdc-drhc gc ca
Previous By Date Next
Previous By Thread Next

Current thread: