We help IT Professionals succeed at work.

Two Website Dilemma!

i have to make two web based applications available externally, each site is hosted on a different server one on the DMZ and the other on the LAN. There is a rule on  our CISCO ASA that redirects all http traffic to the server on the DMZ, so at the moment one site is available externally.

Any idea how I proceed to make the other site available externally?
Watch Question

Ernie BeekSenior infrastructure engineer
Top Expert 2012

Do you happen to have more than one public ip address?
Top Expert 2010
I am not a web guy but i can think of 2 options of the top of my head.

1) Run the other website on a port other than 80 and get that forwarded by ASA to the other box.

2) Put both sites on the same box as use host headers to make the distinction.


Yes, But I wouldn't want to give each server a public IP..
Ernie BeekSenior infrastructure engineer
Top Expert 2012
Well, if one is in the DMZ and the other is in the lan you might need to if you don't want to put both sites on one server and use host headers.
Of course if you use portforwarding on a public, you can always forward other ports to other servers if needed.
If there's only one public IP address available, there are really only a few options.  Run both on the same server, or have one of the Apache instances listening on a port other than 80.  A possible option, which I'm not qualified to do much more with than give a high-level explanation, is to use a reverse proxy.

From what I understand, the reverse proxy basically redirects requests based on the given headers.  So if you've got "www.siteone.com" on and "www.sitetwo.com" on (both listening on port 80), the reverse proxy would redirect accordingly.  It might fix the problem, but in my opinion for just two websites it's like using a sledgehammer to put in a nail... but it's an option.
if you only want to use a single public address, then a reverse proxy is the route I would take, as long as you only need http traffic and not https traffic, however I would usually just use a dedicated address for each web server.