I don't believe that it is overkill. Just my 2�
Also an apache reverse proxy is actually pretty simple to set up. The only
caveat is that your proxy box needs to be kept up to date as well.
Preferably
without overwriting your configs.
You can also use this to ssl enable a non ssl web app or appliance (great to
secure an older wireless AP's web interface)
Here is an example from one of my apache-ssl reverse proxies:
<VirtualHost external-ip>
ServerName fqdn.outside.dns.name
DocumentRoot /var/www/
ProxyPass /somename/ http://hostname-or-ip-of-internal-host:port/
ProxyPassReverse /webmin/ http://hostname-or-ip-of-internal-host:port/
SSLEnable
</VirtualHost>
note the port will default to 80 if none is specified.
Hope this helps.
--
No trees were harmed in the transmission of this message, however a
large number
of electrons were seriously inconvenienced.
Quoting Shawn <[EMAIL PROTECTED]>:
I have a situation where a web server needs to be accessible from the web,
with little/no set up on the client side. No big deal, but here's the rub:
The server in question is a W2K server running IIS, and just happens to run a
mission critical web app (it's this app that needs to be accessible to remote
employees). Of course, I'm concerned about hack attempts...
My first thought is to implement a VPN solution. This will suffice for some
of the employees, but not all - we can't manage/dictate the remote
configuration in all cases. So while a VPN will help, it's not the final
solution (or so I think at this time).
Next I thought of setting up an Apache server acting as a proxy to the IIS
server, and intercepting known script kiddie hack attempts with a 404. But
I'm wondering if this is overkill.
The server in question has all the latest patches (and is kept up to date),
and sits behind an IPCop firewall. I don't feel overly comfortable directing
port 80 traffic right to the server, but maybe I'm being too paranoid (well,
they would loose 10's of thousands of dollars a day if the app is down for
more than a few minutes - so maybe I'm not being paranoid enough?).
Is a combination of the VPN and Apache solution the best bet? Is there a
better way to handle this? Thanks for any input.
Shawn
---------------------------------------------------
This message was sent using Echostar Secure Webmail
pgpOs2wj1wfFP.pgp
Description: PGP Digital Signature
binTdrg3DQwTI.bin
Description: PGP Public Key
_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
