Re: Need recomendations for https proxy that serves as a firewall proxy
Dale Amon wrote:
> On Wed, Dec 31, 2003 at 03:05:43PM +0100, Richard Atterer wrote:
>> On Wed, Dec 31, 2003 at 11:33:02AM +0200, Haim Ashkenazi wrote:
>> > I have a client that have an exchange server inside the LAN and he
>> > wants to access the web interface from the world. I thought I'll put a
>> > transparent proxy server on the DMZ. apt-cache search proxy gave a few
>> > options but except squid (which is a little overkill for this) I don't
>> > know any of them (especially in terms of security) and I'm looking for
>> > recommendations.
>>
>> Um, do I understand correctly that you want to allow access from the
>> internet to a machine in your client's LAN? In that case, squid is indeed
>> the wrong solution.
>
> I think they may be talking about MS Exchange Server.
> The program I like to think of as "The Internet's
> Answer to the Petrie Dish*"
;)
>
> I do not think I would use the words "Exchange Server"
> and "Security" in the same breath.
couldn't agree more. if only all my clients would feel this way...
>
> On the serious side, you probably could allow a port
> redirect to that machine if there are no other web
> services to be accessed.
wouldn't port redirection allow direct access to the exchange server? I
thought I would put something in the middle...
it doesn't really matter what's on the other side. I thought that this setup
(proxy firewall) would be more secure then direct access (even to
apache...).
thanx
--
Haim
Reply to: