Re: Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok, a follow-up question...

My only concern here is security. This is not and never will be a heavily used system, but it will serve as a gateway to a backend accounting system, so I'm not concerned with load balancing or any of the other features that come with a reverse proxy. My only concern is that it be as secure as possible.

I know that a reverse proxy in and of itself doesn't add any real security (other than this will be running on linux, which I'm more comfortable exposing to the internet).

So, with that in mind... I would appreciate any links to how to do this with security as the primary goal. Something more than just 'enable mod_security'.

Also, I would be very open to paying a consultant to assist in setting this up, if I can be convinced they are legit and worth their asking price. Two things I'd want/need help with is testing to whittle down the http features to only those necessary to interact with our system, taking advantage of mod_secs 'continuous passive security assessment' feature, and anything else that makes sense.

And thanks for the responses so far!

Charles

On Mon May 07 2018 13:56:56 GMT-0400 (Eastern Standard Time), Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
Your application will still need to run on a Windows server with IIS, but it can be behind your firewall. Your Apache HTTPD server would go in your DMZ and would proxy connections between the clients on the internet and the internal server. (Your firewall would need to allow those connections.) 

- Y

On Mon, May 7, 2018 at 1:44 PM Charles Marcus <CMarcus@xxxxxxxxxxxxxxxxx> wrote:
Ok, thanks!

But to be clear - I asked the Support people and was told, and I quote:

"The Webvantage, Client Portal and Mobile Server applications are .Net IIS applications that require Microsoft Windows and IIS."

So... was that just a typical response from a Windows support person who doesn't really understand web servers?

The software in question is described here:

http://www.gotoadvantage.com/web-based-management-software

I don't mind doing the work, I'd just rather not go down a rabbit hole trying to do something that can/will never work.

Thanks again,

Charles


On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time), Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
Certainly. I would start with the Reverse Proxy Guide: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
Come back here if you have any questions.

- Y

On Mon, May 7, 2018 at 1:32 PM Charles Marcus <CMarcus@xxxxxxxxxxxxxxxxx> wrote:
Hello all,

I just want to know if this is even worth my time trying to figure out.

We have an Accounting application (.ne/IIS on Windows Server 2008R2) on our LAN, but I need to provide a window to this through the internet, and I'd really, really like to not put a Windows Server on our DMZ facing the internet directly (if I have to, it will be a separate/standalone server that redirects/proxies to the Accounting server).

first and foremost - is it even possible to setup an Apache server to do this? I loathe IIS, and also don't know much about it, but I'm also pretty much a noob when it comes to web servers in general. I do have some experience a while back with Apache, which is why I'm starting here.

If it isn't, so be it, but if it is, is it very involved?

Tia...

Charles



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux