Solved

Forwarding web calls to a second server with a proxy

Posted on 2004-03-31
5
201 Views
Last Modified: 2010-04-09
Hi There,

We're looking into setting up a server in a DMZ that will forward web site requests on to a second server inside our network.  The idea is that nothing's running on the server in the DMZ except this 'proxy' software, so that if the machine gets hacked, we wipe it clean with minimal recovery effort.  

What we want to happen is that a user conncects to the server in the DMZ, and the 'proxy' takes the web requests and forwards it to a web server inside the firewall.   The 'proxy' gets the response back from the web server and sends it back to the calling code.  We don't want to use URL redirection, because the idea is that only the 'proxy' server has permission to contact the web server on the internal network.  It's kinda like an anonymous proxy, but we don't care about hiding the IP Addresses of the connecting clients.  Right now we're looking at handling HTTP and HTTP/S calls

Ideally we're looking for something that runs on a Windows OS.  Is there any way to configure ISA Server or IIS to do this?  Otherwise we'll have to look into putting our ASP code on the DMZ server and connecting to the database inside our network.

Thanks.
0
Comment
Question by:afuchigami
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 7

Expert Comment

by:fim32
ID: 10725711
hmm, apache has this functionality, and runs on windows...
0
 

Author Comment

by:afuchigami
ID: 10726765
It turns out that the ISA Server might have this capability already (reverse proxy).  If so, then we'll go with this approach, as opposed to installing another piece of software (and potentially one more layer to break/get hacked).  I'll check it out and post back later.

Thanks.
0
 

Accepted Solution

by:
afuchigami earned 0 total points
ID: 10727796
ISA Server (which is the evolution from Microsoft Proxy Server 2.0) does indeed support reverse proxying.  In ISA Server, it's called Web Publishing.

There's a good article at http://www.pcquest.com/cgi-bin/printer.asp?id=36168 that goes into more details, including an example of how to configure the ISA server.

I'm going to have this question closed out.

Thanks.

0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question