Ok, a follow-up question...
My only concern here is security. This is not and never will be a
heavily used system, but it will serve as a gateway to a backend
accounting system, so I'm not concerned with load balancing or any
of the other features that come with a reverse proxy. My only
concern is that it be as secure as possible.
I know that a reverse proxy in and of itself doesn't add any real
security (other than this will be running on linux, which I'm more
comfortable exposing to the internet).
So, with that in mind... I would appreciate any links to how to do
this with security as the primary goal. Something more than just
'enable mod_security'.
Also, I would be very open to paying a consultant to assist in
setting this up, if I can be convinced they are legit and worth
their asking price. Two things I'd want/need help with is testing to
whittle down the http features to only those necessary to interact
with our system, taking advantage of mod_secs 'continuous passive
security assessment' feature, and anything else that makes sense.
And thanks for the responses so far!
Charles
On Mon May 07 2018 13:56:56 GMT-0400
(Eastern Standard Time), Yehuda Katz <yehuda@xxxxxxxxxx>
wrote:
Your application will still need to run on a
Windows server with IIS, but it can be behind your firewall.
Your Apache HTTPD server would go in your DMZ and would proxy
connections between the clients on the internet and the internal
server. (Your firewall would need to allow those connections.)
- Y
Ok, thanks!
But to be clear - I asked the Support people and was told,
and I quote:
"The Webvantage, Client
Portal and Mobile Server applications are .Net IIS
applications that require Microsoft Windows and IIS."
So... was that just a typical response from a Windows
support person who doesn't really understand web servers?
The software in question is described here:
http://www.gotoadvantage.com/web-based-management-software
I don't mind doing the work, I'd just rather not go down a
rabbit hole trying to do something that can/will never work.
Thanks again,
Charles
On Mon
May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time),
Yehuda Katz <yehuda@xxxxxxxxxx>
wrote:
Hello all,
I just want to know if this is even worth my time
trying to figure out.
We have an Accounting application (.ne/IIS on
Windows Server 2008R2) on our LAN, but I need to
provide a window to this through the internet, and
I'd really, really like to not put a Windows Server
on our DMZ facing the internet directly (if I have
to, it will be a separate/standalone server that
redirects/proxies to the Accounting server).
first and foremost - is it even possible to setup an
Apache server to do this? I loathe IIS, and also
don't know much about it, but I'm also pretty much a
noob when it comes to web servers in general. I do
have some experience a while back with Apache, which
is why I'm starting here.
If it isn't, so be it, but if it is, is it very
involved?
Tia...
Charles
|