i am running an Apache Web Server (more specifically a Jakarta-Tomcat sever). today when i got back at work and i look at the web server screen (you have to be familiar with Jakarta-Tomcat to understand what i mean), i found that someone had left me a very nice message there. it is impossible that anyone other than the intruder left that message because no one can type on this screen + no one could have logged on it during the weekend.
this is my configuration:
- i am running windows 2000 server
- i am running jakarta-tomcat in a port (2020) that is not the default port (80, 8080)
- i am also running a mysql database
- i am running an ftp server
- i am behind a very simple LinkSys router (there is only one another computer behind this router as well). i am forwarding any requests to port 2020 and 21 to my box.
i am considering to install a firewall but i am concern about the fact that requests to the pages that are hosted in my server are going to be comming from all over the world so i am not sure if this is a good idea. in addtion if i get a firewall, should i only authorize requests comming from the router that is in front of me ?????? i have never deal with firewalls and my knowledge about them is limited. here are are my questions :
1- should i install a firewall and if so, please give me a suggestion
2- should i limit the trafic to my box to the IP of the router in front of me or should i limit it to the ports that i am planing to leave open.
3- how can i limit the number of request comming from one IP in an Jakarta-Tomcat Apache Server (i know that this can be done in an IIS server.
any suggestions will be appreciated,