[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Need recomendations for https proxy that serves as a firewall proxy

On Wed, 2003-12-31 at 07:15, Haim Ashkenazi wrote:
> Dale Amon wrote:
> > On Wed, Dec 31, 2003 at 03:05:43PM +0100, Richard Atterer wrote:
> >> On Wed, Dec 31, 2003 at 11:33:02AM +0200, Haim Ashkenazi wrote:
> >> > I have a client that have an exchange server inside the LAN and he
> >> > wants to access the web interface from the world. I thought I'll put a
> >> > transparent proxy server on the DMZ. apt-cache search proxy gave a few
> >> > options but except squid (which is a little overkill for this) I don't
> >> > know any of them (especially in terms of security) and I'm looking for
> >> > recommendations.
> >> 
> >> Um, do I understand correctly that you want to allow access from the
> >> internet to a machine in your client's LAN? In that case, squid is indeed
> >> the wrong solution.
> > 
> > I think they may be talking about MS Exchange Server.
> > The program I like to think of as "The Internet's
> > Answer to the Petrie Dish*"
> ;)
> > 
> > I do not think I would use the words "Exchange Server"
> > and "Security" in the same breath.
> couldn't agree more. if only all my clients would feel this way...
> > 
> > On the serious side, you probably could allow a port
> > redirect to that machine if there are no other web
> > services to be accessed.
> wouldn't port redirection allow direct access to the exchange server? I
> thought I would put something in the middle...
> it doesn't really matter what's on the other side. I thought that this setup
> (proxy firewall) would be more secure then direct access (even to
> apache...).

I've set this up using apache, mod_ssl, and mod_proxy.  I proxy the box
running Outlook Web Access (not the Exchange Server, but another Win2K
box in the Domain).  The firewall only allows the apache box to talk
through to the Outlook Web Access box, and only allows the outside to
talk to apache via SSL.  Seemed like the best solution to a sticky


> thanx
> --
> Haim

Reply to: