Solved

Web Server Gateway

Posted on 2014-03-08
5
245 Views
Last Modified: 2014-04-22
Hi All,

Is there an open source version of Microsoft Forefront / ISA Server to secure server web applications access from clients from outside the network to have to go through the software firewall before hitting the web application?  This would be for an IIS website.
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 125 total points
ID: 39915222
Build another server (2 nics), with a version of linux on it. There are many choices in flavors and packages to choose from (seperately install a linux flavor, then seperately install the firewall package of your choice), or go for an all-in-one solution like ClearOS (which includes web based administration).
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 125 total points
ID: 39915303
Get the untangle (free / paid available) / endian (paid) installed, may be you can give try on it, its a software based firewalls

http://www.untangle.com/store/get-untangle/

http://www.endian.com/en/products/security-gateways-utm/software-appliances/#.Uxu6zImSxd0

Regards, Shiva
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 39931383
use a reverse proxy such as squid or possibly a tool that does some deep inspection such as haproxy (which is actually a load-balancer) if you need negectible performance drawback and a less security than a proxy

run them on whatever free opensource unix-like os you want : gnu/linux, xBSD, illumos (opensolaris) ...

you can easily find linux distributions targetted for such a use such as vulture
http://www.vultureproject.org/
see a guide with screenshots there
http://arnaud.desmons.free.fr/wordpress/?page_id=36
0
 

Author Comment

by:Jack_son_
ID: 39937722
Okay thanks, so would these work as like forefront, they would sit in front of the web server, so the external client would hit that first and it would send their request to the web server?
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 250 total points
ID: 39938063
i don't know forefront products very well and not really which one of them you are referring to, so it will be difficult for me to compare features in detail.

they are targetted to work as reverse-proxies.
they receive HTTP queries, and emit fully separate queries to the webserver which actually receives no connection from the WAN. they feature tons of additional options to detect malevolent attempts but the basics are receiving queries and reemitting the same ones if they were deemed sane.

the one i mentioned is not targeted to work as a firewall. you'd need a separate firewall if you expect such functionality. solaris and bsds provide pf, and ipf which are great software firewalls. if you expect a web interface, you can try pfsense for example, which also features a builtin reverse-proxy. if you already have a firewall (which was my possibly wrong assumption), forget about this
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question