On Mon, 15 Nov 1999, Jiang Yi wrote:
> We have install a firewall between our internal network and the
> Internet. And we have 2 WWW servers (OS are both Solaris). One
> server is on the DMZ, and one is on the internal network.
>
> Of course people can access the information on the DMZ WWW server.
> Now we want people on the Internet also can access some information
> on the internal WWW server. We open a special port(8000) on the
This is generally a *very bad idea*. Opening up an internal WWW server
to Internet access maens that you're opening your network to potential
compromise if the internal server contains any bugs or poorly-written CGI
programs.
> DMZ WWW server, and when people access this port, the DMZ WWW server
> should redirect the request to 80 port of the internal WWW server.
>
> But I do not know how to do it on solaris with Apache Server, I wish
> someone can help us. If you can send me the source code of redrecting
> port, it is the best!
Apache is capable of getting requests from another server and mapping
them to the local server (no special port needed though you could run a
seperate instance). Look at the ProxyPass and ProxyRemote directives. Once
again, this is still a very bad idea. It's better to replicate the content to
the external server via a one-way secure mechanism than to allow untrusted
hosts access to the internal network.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
