Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

Web Server Gateway

Hi All,

Is there an open source version of Microsoft Forefront / ISA Server to secure server web applications access from clients from outside the network to have to go through the software firewall before hitting the web application?  This would be for an IIS website.
0
Jack_son_
Asked:
Jack_son_
4 Solutions
 
KimputerCommented:
Build another server (2 nics), with a version of linux on it. There are many choices in flavors and packages to choose from (seperately install a linux flavor, then seperately install the firewall package of your choice), or go for an all-in-one solution like ClearOS (which includes web based administration).
0
 
Sivaraj ESenior Engineer – IT InfrastructuresCommented:
Get the untangle (free / paid available) / endian (paid) installed, may be you can give try on it, its a software based firewalls

http://www.untangle.com/store/get-untangle/

http://www.endian.com/en/products/security-gateways-utm/software-appliances/#.Uxu6zImSxd0

Regards, Shiva
0
 
skullnobrainsCommented:
use a reverse proxy such as squid or possibly a tool that does some deep inspection such as haproxy (which is actually a load-balancer) if you need negectible performance drawback and a less security than a proxy

run them on whatever free opensource unix-like os you want : gnu/linux, xBSD, illumos (opensolaris) ...

you can easily find linux distributions targetted for such a use such as vulture
http://www.vultureproject.org/
see a guide with screenshots there
http://arnaud.desmons.free.fr/wordpress/?page_id=36
0
 
Jack_son_Author Commented:
Okay thanks, so would these work as like forefront, they would sit in front of the web server, so the external client would hit that first and it would send their request to the web server?
0
 
skullnobrainsCommented:
i don't know forefront products very well and not really which one of them you are referring to, so it will be difficult for me to compare features in detail.

they are targetted to work as reverse-proxies.
they receive HTTP queries, and emit fully separate queries to the webserver which actually receives no connection from the WAN. they feature tons of additional options to detect malevolent attempts but the basics are receiving queries and reemitting the same ones if they were deemed sane.

the one i mentioned is not targeted to work as a firewall. you'd need a separate firewall if you expect such functionality. solaris and bsds provide pf, and ipf which are great software firewalls. if you expect a web interface, you can try pfsense for example, which also features a builtin reverse-proxy. if you already have a firewall (which was my possibly wrong assumption), forget about this
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now