Re: Is NFS export r/o safe from lan to dmz?
On Mon, Mar 03, 2008 at 01:23:34PM +0100, NN_il_Confusionario wrote:
> On Mon, Mar 03, 2008 at 09:51:47AM +0100, Peter Teunissen wrote:
> > On Mon, March 3, 2008 06:56, NN_il_Confusionario wrote:
> > > perhaps a minimal and secure (or at lest much less complex and so safer
> > > than the portmap/nfsd deamons) web server on the machine hawing the
> > > files, plus a reverse proxy web server on the machine in the dmz (or a
> > > direct port forwarding on the router/firewall).
> I was NOT talking about apache in the LAN. If you already need apache in
> the DMZ, then you can configure it to work also as reverse proxy. But in
> the LAN I would only put a minimal/secure web server: it only serves
> static files, with no ability for cgi/ssi/php/whatever, and runs as non
> root user chrooted in a directory where it can read files but not write
> or execute them. Debian has many such minimal web servers (and
> debian-devel is discusssing in these days whether there are already too
> many or conversely not sufficiently many).
Wouldn't a chrooted ftp server do the same thing?
Reply to: