httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phoenix <apa...@phoenixphire.org>
Subject Re: [users@httpd] DMZ and Port Forward
Date Tue, 14 Mar 2006 06:05:20 GMT
Actually, the reason you use a DMZ is because if a vulnerability is
found in you web server and you box gets taken over, the hacker doesn't
have access to your entire LAN, only stuff that is sitting in your DMZ
(DeMilitarised Zone). You still firewall your DMZ, and usually have a
2nd firewall between your DMZ and your LAN.

Phoenix

Dustin Oprea wrote:
> The web server will then receive everything that isn't assigned to 
> port-forward. This includes worms and such that prey on the weaknesses 
> of whatever machine they can reach, including the hapless MSIE-enabled 
> Windows machine that the DMZ entry might point to. This just seems 
> unnecessary considering your typical webserver usually requires just one 
> port coming in.
> 
> If you absolutely, positively need a DMZ host, it's because you ran out 
> of slots for port-forwarding on your router, and just need enough things 
> on one machine that you just set the entire thing as a DMZ. If you need 
> a DMZ and you can help it, use a Linux box.
> 
> Dustin
> 
> 
> Michael Louie Loria wrote:
> 
>> Hello,
>>
>> What is the difference if I place the web server in DMZ or behind the
>> router via Port forward?
>>
>> What are the security, performance ... issues between the 2?
>>
>> Thanks,
>>
>> Michael Louie Loria
>> LoRz Technology Solutions
>> http://www.lorztech.com
>>
>>  
>>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message