Jonathan Squire wrote:
>
> Is anybody looking at things like that eGap from Whale Communications?
> (http://www.whalecommunications.com)
>
> The URL shuttle may be of some use in situations like this, used in
> addition to a firewall it can be used to access specific content on a non
> public server w/o providing an actually network connection from the
> internet to the protected server through the DMZ.
We've been through the URL shuttle before on this list.
Let's not start another 50-message thread about it.
The basic problem with the URL shuttle is this:
It forwards HTTP requests.
This means that it does NOT protect against 95% of the vulnerabilities
with HTTP servers. HTTP servers, after all, tend to NEED HTTP requests
in order to function ;-)
Rob Serfozo wrote:
> [want to put web server on the inside]
> What do you all think.
I would STRONGLY recommend against placing your web server on the
internal network. Hiding it behind NAT and whatever won't help
with web servers. As I said, (at LEAST) 95% of the vulnerabilities
are in the actual HTTP requests, which your firewall will happily
forward and address translate.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
