Re: Reverse proxy security risks


 



Hi-ho,

I propose you go with the reverse proxy and install ModSecurity
with the Core Rule Set. That should be enough for a general
level of security. However, you should keep an eye on the 
audit-logs of ModSecurity, as the core rules let many possible
attacks pass, but say so in the audit log. (This can be adjusted,
but could bring more false positives).

Regs,

Christian

On Wed, Jan 23, 2008 at 11:24:18AM -0000, Paul Cocker wrote:
> We have a helpdesk system which is accessed via HTTPS. However, the web
> interface is handled via Apache Tomcat, which is shipped as part of the
> product and therefore cannot be updated independently by us as this
> could interfere with manufacturer patches and void our support. This
> makes us nervous of offering access to this facility to anyone outside
> the internal network.
> 
> However, setting up a reverse proxy on a DMZ box is an option to us, but
> I'm unsure as to whether this would mitigate the security concerns or
> not of a web hosting tool which we don't have the ability to keep
> 100% up-to-date.
> 
> I'm thinking this is ground we shouldn't tread, but I'm looking for
> advice from those more experienced in reverse proxy.
> 
> Paul
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
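
Added example, not part of the messages above and not ModSecurity's own code: one way to act on the advice about watching the audit log is to list the requests that matched rules but were still forwarded to the backend. It assumes the ModSecurity 2.x serial audit-log layout, where the H section carries `Message:` lines and an `Action: Intercepted` line for blocked requests; the log sample, hostnames and rule ids are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the ModSecurity 2.x serial audit-log layout.
# Addresses, rule ids and messages are made up for this example.
SAMPLE = """\
--a0000001-A--
[23/Jan/2008:11:30:01 +0000] TXID0001 203.0.113.7 40112 192.0.2.10 443
--a0000001-B--
GET /helpdesk/search?q=1'+or+'1'='1 HTTP/1.1
--a0000001-H--
Message: Warning. Pattern match "' or '" at ARGS:q. [id "100001"] [msg "SQL injection probe"] [severity "CRITICAL"]
--a0000001-Z--
--a0000002-A--
[23/Jan/2008:11:31:44 +0000] TXID0002 203.0.113.7 40115 192.0.2.10 443
--a0000002-B--
GET /helpdesk/view?file=../../etc/passwd HTTP/1.1
--a0000002-H--
Message: Access denied with code 403 (phase 2). Pattern match "/etc/passwd" at ARGS:file. [id "100002"] [msg "Path traversal"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
--a0000002-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
TAG = re.compile(r'\[(id|msg|severity) "([^"]*)"\]')

def parse(text):
    """Split the log into {boundary id: {section letter: [lines]}}."""
    txs, cur = defaultdict(lambda: defaultdict(list)), None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            cur = txs[m.group(1)][m.group(2)]
        elif cur is not None and line:
            cur.append(line)
    return txs

def passed_with_alerts(text):
    """Requests that matched rules but were forwarded to the backend anyway."""
    out = []
    for sections in parse(text).values():
        trailer = sections.get("H", [])
        msgs = [l for l in trailer if l.startswith("Message: ")]
        blocked = any(l.startswith("Action: Intercepted") for l in trailer)
        if msgs and not blocked:
            request = sections["B"][0] if sections.get("B") else "?"
            out.append((request, [dict(TAG.findall(l)) for l in msgs]))
    return out

if __name__ == "__main__":
    print(passed_with_alerts(SAMPLE))
```

Rule ids that keep showing up in this output are the candidates for switching from log-only to blocking, which is the adjustment (and false-positive trade-off) the reply mentions.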


