[thelist] Firewalls vs. Web Databases
Daniel J. Cody
djc at starkmedia.com
Thu Sep 20 11:56:57 CDT 2001
A variation of this is something I tend to do..

Config your webserver so that it will work inside or outside the
firewall and install an additional network card in it.

Configure that second NIC to be on a private network (10.10.10.0 for
example), then configure your database to sit on that private network as
well. Plug the second NIC on your webserver and your DB into a
hub/switch, and configure them to talk to each other over that *private*
link. (Further security could be added by only allowing the DB to talk to
the IP address of the second NIC on the webserver.)

With this method, the DB doesn't care whether or not it's in front of or
behind a firewall, and since the webserver and the DB talk over a
private link, the webserver doesn't care either. The DB can always be
reached on that private network whether or not there's a firewall in
front of the public IP address of the webserver and the webserver more
or less acts as a firewall between the DB and the internet.

You'll also see an improvement in speed between the DB and the webserver
since they're on a dedicated link with each other. :)

Again, just my preference.. If anything is unclear or you have
questions, feel free to shout :)

.djc.
J. Blanchard wrote:
> Or third, we could establish a data server outside of the firewall with the web server, replicate needed items from inside the firewall for the database, and create a subnet between the servers.
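
Added example, not part of the original message or the thread: a Python check of the layout described above, which flags a DB that listens outside the private network or a host firewall that accepts DB connections from anything other than the web server's second NIC. The /24 mask, the host addresses 10.10.10.1 and 10.10.10.2, port 3306 and the function name `audit_db_host` are assumptions made for the example.

```python
import ipaddress

# 10.10.10.0 is the private network from the post; the /24 mask, host addresses
# and port below are assumptions made for this example.
PRIVATE_NET = ipaddress.ip_network("10.10.10.0/24")
WEB_PRIVATE_NIC = ipaddress.ip_address("10.10.10.1")  # web server's second NIC (assumed)
DB_PORT = 3306                                        # assumed DB port

def audit_db_host(listeners, allow_rules, db_port=DB_PORT):
    """Check a DB host against the private-link layout.

    listeners:   (bind_address, port) pairs the host listens on
    allow_rules: (source_cidr, port) pairs the host firewall accepts
    Returns a list of findings; an empty list means the layout holds.
    """
    findings = []
    db_binds = [ipaddress.ip_address(a) for a, p in listeners if p == db_port]
    if not db_binds:
        findings.append(f"nothing listens on port {db_port}")
    for ip in db_binds:
        if ip.is_unspecified:
            findings.append(f"DB bound to wildcard {ip}: reachable on every interface")
        elif ip not in PRIVATE_NET:
            findings.append(f"DB bound to {ip}, outside {PRIVATE_NET}")
    for cidr, port in allow_rules:
        if port != db_port:
            continue
        src = ipaddress.ip_network(cidr, strict=False)
        only_web_nic = src.num_addresses == 1 and src.network_address == WEB_PRIVATE_NIC
        if not only_web_nic:
            findings.append(f"firewall accepts {src} on port {db_port}, "
                            f"expected only {WEB_PRIVATE_NIC}")
    return findings

# Constructed sample inputs (not taken from any real host).
GOOD = audit_db_host(
    listeners=[("10.10.10.2", 3306), ("0.0.0.0", 22)],
    allow_rules=[("10.10.10.1/32", 3306)],
)
BAD = audit_db_host(
    listeners=[("0.0.0.0", 3306)],
    allow_rules=[("10.10.10.0/24", 3306), ("0.0.0.0/0", 3306)],
)

if __name__ == "__main__":
    print("good layout:", GOOD or "no findings")
    for finding in BAD:
        print("bad layout:", finding)
```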