Solved

Hiding IIS with an Apache reverse proxy

Posted on 2004-08-02
4
243 Views
Last Modified: 2013-12-04
Based on the recent bugs in IIS I am looking at hiding IIS behind an Apache reverse proxy.  Will this work or with the current problem will it just pass the request unaltered to the IIS box?  If it does work are there any configuration issues that I should know?
0
Comment
Question by:NBBCTest01
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 11699475
From reading up on Apache's RP, looks like it's transparent, all request will be passed- meaning if you look at the headers you get back, they will say IIS verXX. There are filters that can be applied on the apache porxy that may deny certain exploits, but your best bet is to lock it(iis) down with IIS-Lockdown, and UrlScan... keep up with patches, and run AV on the servers if possible. Or move to Apache altogether... always block all ports except the most necessary ones.

http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp
http://www.microsoft.com/technet/security/tools/urlscan.mspx

-rich
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
A short film showing how OnPage and Connectwise integration works.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now