
Re: [cobalt-users] best use of RaQ3i & RaQ3



Any ideas on how to get mod_proxy installed?

Brett
----- Original Message -----
From: "John Rood" <john@xxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, July 18, 2000 4:30 PM
Subject: Re: [cobalt-users] best use of RaQ3i & RaQ3


> On Mon, 17 Jul 2000, B. Newman wrote:
>
> > I have one RaQ3 with 13.2 GB and one RaQ3i with 15.x GB HD.  I want to use
> > one server for my main site and a few small virtuals, and one server to
> > store records with MySQL.  My setup needs to be as secure as possible and
> > the transfer of my site and records needs to be done by the end of the week.
> > Does anyone have any advice on the best way to set this up and which server
> > to use for sites and database?  The database will contain sensitive info, so
> > use of a firewall or any other security appliance or application will be
> > needed if possible.  I have been informed that all work on the servers needs
> > to remain in-house.
> > Any advice on or off list will be greatly appreciated.
> >
> > Thanks,
> > B. Newman
> > brettnewman@xxxxxxxxx
>
> Hi Brett,
>
> Using these two machines, the easiest way to create a reasonably secure
> setup, is using the raq3i as the webserver and the raq3. You just hook up
> the raq3 to the 2nd ethernet interface of the 3i, creating a small private
> network. This way the database server isn't directly accessible from the
> net, but the security stands and falls with the setup/programming on the
> 3i. If this box gets compromised, it's fairly simple to access the
> database server and probably get mysql account info from one of the
> scripts/programs used on the webserver. What a better setup might be, is a
> small variation on the above one, but only with a firewall between the
> raq3i and raq3, with a tunnel through it from the raq3i to the raq3.
> Whether this setup is possible depends on your website setup and the parts
> of it that need db access. The 'normal' parts of the site(s) that don't need
> db access run on the raq3i (the front), the sensitive parts that use db
> access run on the raq3, on its own webserver safely tucked away behind the
> firewall. The db parts can be made available via a reverse proxy setup in
> apache on the raq3i using mod_rewrite and mod_proxy (not installed by
> default). This way it's pretty hard to distinguish between parts of the
> site served by the raq3i or the raq3. There are various other setups, but
> these two are the most simple (and cheapest setups) I guess. If you want a
> really really really secure setup, I suggest you contact some consulting
> agency that specializes in setups like this. They can tailor a solution
> for your needs and prolly give a guarantee too.
>
> Best regards,
> John
>
> --
> Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
> --
> John C. Rood
> UNIX programmer/Database developer/System administrator
> SFARC Networks, The Netherlands - http://www.sfarc.net
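
The reverse proxy arrangement John describes, sketched as an Apache configuration fragment for the front-end raq3i. This is an added example, not part of the original thread. The `/records/` path prefix and the private address `10.0.0.2` for the raq3 are assumed values, and the `LoadModule` lines are left out because the module file names depend on the Apache build.

```apache
# Added example for the front-end (raq3i) site configuration.
# Assumed, not from the thread: the /records/ prefix and 10.0.0.2 as the
# raq3's address on the private link behind the firewall.
# mod_rewrite and mod_proxy must already be loaded.

# Reverse proxy only. With forward proxying left on, outside clients could
# relay arbitrary requests through this host.
ProxyRequests Off

RewriteEngine On

# Hand only the database-backed section to the back end. The pattern is
# anchored and the target host is fixed, so nothing in the client's URL
# chooses where the request is sent.
RewriteRule ^/records/(.*)$ http://10.0.0.2/records/$1 [P,L]

# Rewrite Location headers in back-end redirects so the private address
# is never handed to the client.
ProxyPassReverse /records/ http://10.0.0.2/records/

# Everything outside /records/ is served locally from the raq3i's own
# document root and never touches the back end.
```

With this in place, the firewall between the two machines only has to pass HTTP from the raq3i to the raq3; MySQL itself stays reachable from the raq3 alone.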