ApacheReverse proxy for DMZ web server
Hi, I am trying to get a webserver in a screened subnet and I am stuck in deciding which one is the better solution. A) forwarding via ipmasqadm B) using Proxypass feature of Apache My brain says it is better to have proxy controling for anything possible rather than simply forwarding yet are there any problems with it that I have not seen Any pointers and suggestions are much appreciated Thanks -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Hi list, i am setting up two servers directly in the web for hosting purposes. Of course because there is no firewall etc aviable i wan to show as little as possible to the external world and secure the box as much as possible with certificates etc against any sniffing attacks. Now from what i know (correct me if i am wrong) the first step is always to scan a host for the services it is running. So i used nmap with the -sS flag on my hosts. nicely it shows that i am running this and that service. So i tried to get rid of some using the inted,conf file and the services file... and there only pop, sop, imap http(s), domain and mysql are left. Good.. but imap and mysql are only needed by the localhost. so i added it to my hosts.deny as mysql : ALL EXCEPT localhost This seems to work, i cannot connect externally BUT i can see it with nmap. how do i prevent this in the most efficient way? Also i saw mandrake updated their stunnel rpm, anyone up to date about a new stunnel from suse? thanks Evert
participants (2)
-
Evert Smit -
Togan Muftuoglu