Solved

Web Server Gateway

Posted on 2014-03-08
5
240 Views
Last Modified: 2014-04-22
Hi All,

Is there an open source version of Microsoft Forefront / ISA Server to secure server web applications access from clients from outside the network to have to go through the software firewall before hitting the web application?  This would be for an IIS website.
0
Comment
Question by:Jack_son_
5 Comments
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 125 total points
ID: 39915222
Build another server (2 nics), with a version of linux on it. There are many choices in flavors and packages to choose from (seperately install a linux flavor, then seperately install the firewall package of your choice), or go for an all-in-one solution like ClearOS (which includes web based administration).
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 125 total points
ID: 39915303
Get the untangle (free / paid available) / endian (paid) installed, may be you can give try on it, its a software based firewalls

http://www.untangle.com/store/get-untangle/

http://www.endian.com/en/products/security-gateways-utm/software-appliances/#.Uxu6zImSxd0

Regards, Shiva
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 39931383
use a reverse proxy such as squid or possibly a tool that does some deep inspection such as haproxy (which is actually a load-balancer) if you need negectible performance drawback and a less security than a proxy

run them on whatever free opensource unix-like os you want : gnu/linux, xBSD, illumos (opensolaris) ...

you can easily find linux distributions targetted for such a use such as vulture
http://www.vultureproject.org/
see a guide with screenshots there
http://arnaud.desmons.free.fr/wordpress/?page_id=36
0
 

Author Comment

by:Jack_son_
ID: 39937722
Okay thanks, so would these work as like forefront, they would sit in front of the web server, so the external client would hit that first and it would send their request to the web server?
0
 
LVL 26

Accepted Solution

by:
skullnobrains earned 250 total points
ID: 39938063
i don't know forefront products very well and not really which one of them you are referring to, so it will be difficult for me to compare features in detail.

they are targetted to work as reverse-proxies.
they receive HTTP queries, and emit fully separate queries to the webserver which actually receives no connection from the WAN. they feature tons of additional options to detect malevolent attempts but the basics are receiving queries and reemitting the same ones if they were deemed sane.

the one i mentioned is not targeted to work as a firewall. you'd need a separate firewall if you expect such functionality. solaris and bsds provide pf, and ipf which are great software firewalls. if you expect a web interface, you can try pfsense for example, which also features a builtin reverse-proxy. if you already have a firewall (which was my possibly wrong assumption), forget about this
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
With healthcare moving into the digital age with things like Healthcare.gov, the digitization of patient records and video conferencing with patients, data has a much greater chance of being exposed than ever before.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question