Subject: Re: Iptables and a web server
From: Arthur Corliss (arthur@corlissfamily.org)
Date: Mon Apr 22 2002 - 17:45:44 AKDT
> I have a web server that is behind my firewall. What I would like
> to do is to redirect and web traffic that is directed to a
> particular URL.
>
> So if the url is:
>
> http://mysite.com/myurl
>
> then I want to redirect that traffic to the webserver. However, if
> the url is:
>
> http://mysite.com/notallowedurl
>
> Then I want to rejected it at the firewall? Is this better done at the
> webserver? I just didn't want any traffic inside my net that wasn't
> supposed to be there.
Firewalls aren't typically used to filter at the application layer, which is
what you're trying to do. Proxy/Caching filters are better suited for what
you want, but even then, you could easily do it on the Apache server itself.
There's nothing inherently unsafe about doing it this way as long as your
publically exposed servers are inside the DMZ (i.e., inside the public
firewall, but outside the internal firewall/network).
----Arthur Corliss Bolverk's Lair -- http://arthur.corlissfamily.org/ Digital Mages -- http://www.digitalmages.com/ "Live Free or Die, the Only Way to Live" -- NH State Motto
--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Tue Apr 23 2002 - 11:43:55 AKDT