Solved

Web Server Gateway

Posted on 2014-03-08
5
231 Views
Last Modified: 2014-04-22
Hi All,

Is there an open source version of Microsoft Forefront / ISA Server to secure server web applications access from clients from outside the network to have to go through the software firewall before hitting the web application?  This would be for an IIS website.
0
Comment
Question by:Jack_son_
5 Comments
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 125 total points
ID: 39915222
Build another server (2 nics), with a version of linux on it. There are many choices in flavors and packages to choose from (seperately install a linux flavor, then seperately install the firewall package of your choice), or go for an all-in-one solution like ClearOS (which includes web based administration).
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 125 total points
ID: 39915303
Get the untangle (free / paid available) / endian (paid) installed, may be you can give try on it, its a software based firewalls

http://www.untangle.com/store/get-untangle/

http://www.endian.com/en/products/security-gateways-utm/software-appliances/#.Uxu6zImSxd0

Regards, Shiva
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 39931383
use a reverse proxy such as squid or possibly a tool that does some deep inspection such as haproxy (which is actually a load-balancer) if you need negectible performance drawback and a less security than a proxy

run them on whatever free opensource unix-like os you want : gnu/linux, xBSD, illumos (opensolaris) ...

you can easily find linux distributions targetted for such a use such as vulture
http://www.vultureproject.org/
see a guide with screenshots there
http://arnaud.desmons.free.fr/wordpress/?page_id=36
0
 

Author Comment

by:Jack_son_
ID: 39937722
Okay thanks, so would these work as like forefront, they would sit in front of the web server, so the external client would hit that first and it would send their request to the web server?
0
 
LVL 26

Accepted Solution

by:
skullnobrains earned 250 total points
ID: 39938063
i don't know forefront products very well and not really which one of them you are referring to, so it will be difficult for me to compare features in detail.

they are targetted to work as reverse-proxies.
they receive HTTP queries, and emit fully separate queries to the webserver which actually receives no connection from the WAN. they feature tons of additional options to detect malevolent attempts but the basics are receiving queries and reemitting the same ones if they were deemed sane.

the one i mentioned is not targeted to work as a firewall. you'd need a separate firewall if you expect such functionality. solaris and bsds provide pf, and ipf which are great software firewalls. if you expect a web interface, you can try pfsense for example, which also features a builtin reverse-proxy. if you already have a firewall (which was my possibly wrong assumption), forget about this
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now