Solved

wish to setup a secure web server for downloads, but wont be able to see main network

Posted on 2011-09-26
4
232 Views
Last Modified: 2012-05-12
Hi, My boss has asked me to setup a webserver that will only distribute pdf reports to customers.
I was thinking of setting up a very simple webserver, that customers can see the pdfs and download as they need. not many clients will access it per day, so will host internally for remote access.
My users need to be able to copy the pdf's from our normal works network (sbs2011) to the folder of the webserver. Rather than using an FTP server/cloud, etc.

I was thinking of having our external IP hit our router, then some how redirect to the webserver. But not have the webserver on the same network as the domain. maybe use a few routers ?

What i'm after is a simple and cheap soluton to this. Where we can see the webserver. but if the webserver gets hacked, it can't access our network ?
0
Comment
Question by:total123
4 Comments
 
LVL 13

Assisted Solution

by:themrrobert
themrrobert earned 25 total points
Comment Utility
Put it on the DMZ, there are settings in every router for it, as well as hundreds of google results to help get you there.

Best of luck,
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 25 total points
Comment Utility
Are you planning to have the server on your domain, to allow users to copy files to it? Very dangerous to do that.
Password protect acces to the DMZ webserver, don't leave it public; ideally restrict access to the server by only allowing specific IP addresses to go through the firewall/router to the DMZ rather than "any".
Set up the redirect by using a non-standard web port rather then port 80; e.g. port 5643
tell your clients to use the URL http://x.x.x.x:5643, set the firewall/router to redirect that to the DMZ server as x.x.x.x on port 80.
That should deal with most of the idiots out there!
Good luck
Gareth
0
 

Author Comment

by:total123
Comment Utility
thanks for the reply, I've looked at a solution of installing a firewall router that would then split the DMZ to the webserver and have another connection to another firewall router for the domain.
This would then allow the users to copy data to the webserver.
The webserver wouldn't need to be part of the domain.

how does that sound
0
 

Expert Comment

by:AytuncBeken
Comment Utility
If you are looking for user to put files to webserver you should user file server instead of web server. And if you have any access managemenet functiin you can configure file server to check credentials.
Also with firewall you can open file server  to internet with access control.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
This video discusses moving either the default database or any database to a new volume.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now