Solved

wish to setup a secure web server for downloads, but wont be able to see main network

Posted on 2011-09-26
4
239 Views
Last Modified: 2012-05-12
Hi, My boss has asked me to setup a webserver that will only distribute pdf reports to customers.
I was thinking of setting up a very simple webserver, that customers can see the pdfs and download as they need. not many clients will access it per day, so will host internally for remote access.
My users need to be able to copy the pdf's from our normal works network (sbs2011) to the folder of the webserver. Rather than using an FTP server/cloud, etc.

I was thinking of having our external IP hit our router, then some how redirect to the webserver. But not have the webserver on the same network as the domain. maybe use a few routers ?

What i'm after is a simple and cheap soluton to this. Where we can see the webserver. but if the webserver gets hacked, it can't access our network ?
0
Comment
Question by:total123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 13

Assisted Solution

by:themrrobert
themrrobert earned 25 total points
ID: 36602389
Put it on the DMZ, there are settings in every router for it, as well as hundreds of google results to help get you there.

Best of luck,
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 25 total points
ID: 36708418
Are you planning to have the server on your domain, to allow users to copy files to it? Very dangerous to do that.
Password protect acces to the DMZ webserver, don't leave it public; ideally restrict access to the server by only allowing specific IP addresses to go through the firewall/router to the DMZ rather than "any".
Set up the redirect by using a non-standard web port rather then port 80; e.g. port 5643
tell your clients to use the URL http://x.x.x.x:5643, set the firewall/router to redirect that to the DMZ server as x.x.x.x on port 80.
That should deal with most of the idiots out there!
Good luck
Gareth
0
 

Author Comment

by:total123
ID: 36961564
thanks for the reply, I've looked at a solution of installing a firewall router that would then split the DMZ to the webserver and have another connection to another firewall router for the domain.
This would then allow the users to copy data to the webserver.
The webserver wouldn't need to be part of the domain.

how does that sound
0
 

Expert Comment

by:AytuncBeken
ID: 36961618
If you are looking for user to put files to webserver you should user file server instead of web server. And if you have any access managemenet functiin you can configure file server to check credentials.
Also with firewall you can open file server  to internet with access control.
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here I am going to explain creating proxies at runtime for WCF Service. So basically we use to generate proxies using Add Service Reference and then giving the Url of the WCF service then generate proxy files at client side. Ok, what if something ge…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question