Solved

wish to setup a secure web server for downloads, but wont be able to see main network

Posted on 2011-09-26
4
233 Views
Last Modified: 2012-05-12
Hi, My boss has asked me to setup a webserver that will only distribute pdf reports to customers.
I was thinking of setting up a very simple webserver, that customers can see the pdfs and download as they need. not many clients will access it per day, so will host internally for remote access.
My users need to be able to copy the pdf's from our normal works network (sbs2011) to the folder of the webserver. Rather than using an FTP server/cloud, etc.

I was thinking of having our external IP hit our router, then some how redirect to the webserver. But not have the webserver on the same network as the domain. maybe use a few routers ?

What i'm after is a simple and cheap soluton to this. Where we can see the webserver. but if the webserver gets hacked, it can't access our network ?
0
Comment
Question by:total123
4 Comments
 
LVL 13

Assisted Solution

by:themrrobert
themrrobert earned 25 total points
ID: 36602389
Put it on the DMZ, there are settings in every router for it, as well as hundreds of google results to help get you there.

Best of luck,
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 25 total points
ID: 36708418
Are you planning to have the server on your domain, to allow users to copy files to it? Very dangerous to do that.
Password protect acces to the DMZ webserver, don't leave it public; ideally restrict access to the server by only allowing specific IP addresses to go through the firewall/router to the DMZ rather than "any".
Set up the redirect by using a non-standard web port rather then port 80; e.g. port 5643
tell your clients to use the URL http://x.x.x.x:5643, set the firewall/router to redirect that to the DMZ server as x.x.x.x on port 80.
That should deal with most of the idiots out there!
Good luck
Gareth
0
 

Author Comment

by:total123
ID: 36961564
thanks for the reply, I've looked at a solution of installing a firewall router that would then split the DMZ to the webserver and have another connection to another firewall router for the domain.
This would then allow the users to copy data to the webserver.
The webserver wouldn't need to be part of the domain.

how does that sound
0
 

Expert Comment

by:AytuncBeken
ID: 36961618
If you are looking for user to put files to webserver you should user file server instead of web server. And if you have any access managemenet functiin you can configure file server to check credentials.
Also with firewall you can open file server  to internet with access control.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While working on Silverlight and WCF application, I faced one issue where fault exception occurred at WCF operation contract is not getting propagated to Silverlight client. So after searching net I came to know that it was behavior by default for s…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now