You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Dustin Oprea <ae...@blitzeclipse.com> on 2006/03/13 12:55:20 UTC
Re: [users@httpd] DMZ and Port Forward
The web server will then receive everything that isn't assigned to
port-forward. This includes worms and such that prey on the weaknesses
of whatever machine they can reach, including the hapless MSIE-enabled
Windows machine that the DMZ entry might point to. This just seems
unnecessary considering your typical webserver usually requires just one
port coming in.
If you absolutely, positively need a DMZ host, it's because you ran out
of slots for port-forwarding on your router, and just need enough things
on one machine that you just set the entire thing as a DMZ. If you need
a DMZ and you can help it, use a Linux box.
Dustin
Michael Louie Loria wrote:
>Hello,
>
>What is the difference if I place the web server in DMZ or behind the
>router via Port forward?
>
>What are the security, performance ... issues between the 2?
>
>Thanks,
>
>Michael Louie Loria
>LoRz Technology Solutions
>http://www.lorztech.com
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DMZ and Port Forward
Posted by Phoenix <ap...@phoenixphire.org>.
Actually, the reason you use a DMZ is because if a vulnerability is
found in you web server and you box gets taken over, the hacker doesn't
have access to your entire LAN, only stuff that is sitting in your DMZ
(DeMilitarised Zone). You still firewall your DMZ, and usually have a
2nd firewall between your DMZ and your LAN.
Phoenix
Dustin Oprea wrote:
> The web server will then receive everything that isn't assigned to
> port-forward. This includes worms and such that prey on the weaknesses
> of whatever machine they can reach, including the hapless MSIE-enabled
> Windows machine that the DMZ entry might point to. This just seems
> unnecessary considering your typical webserver usually requires just one
> port coming in.
>
> If you absolutely, positively need a DMZ host, it's because you ran out
> of slots for port-forwarding on your router, and just need enough things
> on one machine that you just set the entire thing as a DMZ. If you need
> a DMZ and you can help it, use a Linux box.
>
> Dustin
>
>
> Michael Louie Loria wrote:
>
>> Hello,
>>
>> What is the difference if I place the web server in DMZ or behind the
>> router via Port forward?
>>
>> What are the security, performance ... issues between the 2?
>>
>> Thanks,
>>
>> Michael Louie Loria
>> LoRz Technology Solutions
>> http://www.lorztech.com
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org