[ QUOTE ] [ QUOTE ] security is not the only thing i need. i have different servers with different ports (other then 80 and 443) behind the firewall. i need to access the servers over
ASL is a security software no ? So, to my mind, using DNAT is pretty insecure so, Reverse Proxying should be a really part of ASL.
I can't believe that NetWork and Security Administrators who setup Web Servers behind ASL think that DNAT a WebServer behind ASL is secure. Or there are pretty bad ... [:(]
Moreover, if Reverse Proxy is not implemented on ASL, we must setup another computer for only Reverse Proxy???? it is to expensive i think due to the using.
[ QUOTE ] ASL is a security software no ? So, to my mind, using DNAT is pretty insecure so, Reverse Proxying should be a really part of ASL.
I can't believe that NetWork and Security Administrators who setup Web Servers behind ASL think that DNAT a WebServer behind ASL is secure. Or there are pretty bad ... [:(]
Moreover, if Reverse Proxy is not implemented on ASL, we must setup another computer for only Reverse Proxy???? it is to expensive i think due to the using.
Best regards,
[/ QUOTE ]
not expensive at all if using linux as the proxy(hardware is cheap these days)....also as i said before if you are only forwarding hte needed ports then it is just as secure...as long as the machine with the webserver is properly configured and patched...but hey..to each their own..K.I.S.S works best in most situations..frnakly you put all the proxies you want to in front of a webserver but if that bad boy is not patched or is misconfigured..it will get owned...all the complexity in the world will not save a porrly or improperly maintained box..nough said..
