mrbayIt

host intranet site externally

Hi, we have an intranet site, yet we want to make it and the databases it connects to on other internal servers available publicly from the internet.

We have a domain name already registered with AT&T, so we can add a DNS record. But how do I do this from the primary intranet servers?

I would also want to restrict login access to only those with an LDAP login.
Shalom Carmel

The simplest recommended architecture to expose internal web servers to the internet:

1. Make sure that your intranet app supports form-based login, and works with the LDAP of your choice. Often intranets are designed to use the workstation login for SSO, and this will fail in your case.
2. Make sure that your intranet app works behind a reverse proxy and does not depend on things like client IP addresses.
3. Harden the intranet server. Really.
4. Ditto the database server.
5. Create a DMZ on your network.
6. Configure the DMZ access to the intranet network.
7. Place a WAF serving as a reverse proxy in the DMZ. If you can't afford a commercial WAF, use Apache with mod_security.
8. Assign the A record to the WAF.
9. Get a pro to evaluate your actual setup, and to pentest it.
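
One way to test the "works behind a reverse proxy" point above, as an added example that is not part of the original answer: scan responses fetched through the proxy for redirects, cookie domains and absolute links that only resolve inside the network. The host names and the sample responses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed names for illustration only; substitute your own.
INTERNAL_HOST = "intranet.corp.local"  # hypothetical internal server name
PUBLIC_HOST = "portal.example.com"     # hypothetical public name (A record on the WAF)

ABS_URL = re.compile(r"""(?:href|src|action)\s*=\s*["'](https?://[^"'\s>]+)""", re.I)
PRIVATE_IP = re.compile(
    r"(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}")
COOKIE_DOMAIN = re.compile(r";\s*domain=\.?([^;\s]+)", re.I)


def is_internal(url):
    """True if the URL names the internal server or an RFC 1918 address."""
    host = urlsplit(url).hostname or ""
    return host == INTERNAL_HOST or bool(PRIVATE_IP.fullmatch(host))


def proxy_findings(headers, body):
    """List the parts of one HTTP response that an external browser cannot follow."""
    findings = []
    for name, value in headers:
        name = name.lower()
        if name in ("location", "content-location") and is_internal(value):
            findings.append(f"{name} points at internal host: {value}")
        elif name == "set-cookie":
            m = COOKIE_DOMAIN.search(value)
            domain = m.group(1).lower() if m else None
            # A browser drops a cookie whose Domain does not match the public host.
            if domain and not ("." + PUBLIC_HOST).endswith("." + domain):
                findings.append(f"cookie domain rejected for public host: {domain}")
    for url in ABS_URL.findall(body):
        if is_internal(url):
            findings.append(f"absolute link to internal host: {url}")
    return findings


# Constructed sample responses, as they might look when fetched through the proxy.
BROKEN = ([("Location", "http://intranet.corp.local/login"),
           ("Set-Cookie", "sid=abc123; Domain=.corp.local; Path=/; HttpOnly")],
          '<img src="http://10.1.2.3/logo.png"><a href="/reports">Reports</a>')
CLEAN = ([("Location", "/login"),
          ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")],
         '<a href="/reports">Reports</a><a href="https://portal.example.com/help">Help</a>')

if __name__ == "__main__":
    for label, (hdrs, html) in (("broken", BROKEN), ("clean", CLEAN)):
        print(label, proxy_findings(hdrs, html) or "no findings")
```

Any finding means the app is still emitting its internal name or address; the fix belongs in the app's base-URL setting or in the proxy's response rewriting, depending on the setup.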
mrbayIt

ASKER

I get it conceptually; I had many of those same ideas and guidelines. I'm looking for an actual detailed pathway to doing this, however...

Lol, an actual detailed pathway is so dependent on your actual detailed setup.
The above is as detailed as it gets without the specifics.

I suggest that you get a real life expert to help you a bit.
mrbayIt

ASKER

How do I make sure it works behind a reverse proxy?