httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charles Marcus <CMar...@Media-Brokers.com>
Subject Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?
Date Thu, 10 May 2018 14:49:07 GMT
Ok, a follow-up question...

My only concern here is security. This is not and never will be a
heavily used system, but it will serve as a gateway to a backend
accounting system, so I'm not concerned with load balancing or any of
the other features that come with a reverse proxy. My only concern is
that it be as secure as possible.

I know that a reverse proxy in and of itself doesn't add any real
security (other than this will be running on linux, which I'm more
comfortable exposing to the internet).

So, with that in mind... I would appreciate any links to how to do this
with security as the primary goal. Something more than just 'enable
mod_security'.

Also, I would be very open to paying a consultant to assist in setting
this up, if I can be convinced they are legit and worth their asking
price. Two things I'd want/need help with is testing to whittle down the
http features to only those necessary to interact with our system,
taking advantage of mod_secs 'continuous passive security assessment'
feature, and anything else that makes sense.

And thanks for the responses so far!

*/Charles/*/*

*/
On Mon May 07 2018 13:56:56 GMT-0400 (Eastern Standard Time), Yehuda
Katz <yehuda@ymkatz.net> wrote:
> Your application will still need to run on a Windows server with IIS,
> but it can be behind your firewall. Your Apache HTTPD server would go
> in your DMZ and would proxy connections between the clients on the
> internet and the internal server. (Your firewall would need to allow
> those connections.) 
>
> - Y
>
> On Mon, May 7, 2018 at 1:44 PM Charles Marcus
> <CMarcus@media-brokers.com <mailto:CMarcus@media-brokers.com>> wrote:
>
>     Ok, thanks!
>
>     But to be clear - I asked the Support people and was told, and I
>     quote:
>
>     "The Webvantage, Client Portal and Mobile Server applications are
>     .Net IIS applications that require Microsoft Windows and IIS."
>
>     So... was that just a typical response from a Windows support
>     person who doesn't really understand web servers?
>
>     The software in question is described here:
>
>     http://www.gotoadvantage.com/web-based-management-software
>
>     I don't mind doing the work, I'd just rather not go down a rabbit
>     hole trying to do something that can/will never work.
>
>     Thanks again,
>
>     */Charles/*/*
>
>
>     */
>     On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time),
>     Yehuda Katz <yehuda@ymkatz.net> <mailto:yehuda@ymkatz.net> wrote:
>>     Certainly. I would start with the Reverse Proxy
>>     Guide: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
>>     Come back here if you have any questions.
>>
>>     - Y
>>
>>     On Mon, May 7, 2018 at 1:32 PM Charles Marcus
>>     <CMarcus@media-brokers.com <mailto:CMarcus@media-brokers.com>> wrote:
>>
>>         Hello all,
>>
>>         I just want to know if this is even worth my time trying to
>>         figure out.
>>
>>         We have an Accounting application (.ne/IIS on Windows Server
>>         2008R2) on our LAN, but I need to provide a window to this
>>         through the internet, and I'd really, really like to not put
>>         a Windows Server on our DMZ facing the internet directly (if
>>         I have to, it will be a separate/standalone server that
>>         redirects/proxies to the Accounting server).
>>
>>         first and foremost - is it even possible to setup an Apache
>>         server to do this? I loathe IIS, and also don't know much
>>         about it, but I'm also pretty much a noob when it comes to
>>         web servers in general. I do have some experience a while
>>         back with Apache, which is why I'm starting here.
>>
>>         If it isn't, so be it, but if it is, is it very involved?
>>
>>         Tia...
>>
>>         */Charles/*/*
>>         */
>>
>


Mime
View raw message