Results 1 to 2 of 2

Thread: Firewall for Two Layer Web Hosting

  1. #1

    Firewall for Two Layer Web Hosting

    I am hosting a web site using two PCs. One is the web server which is running Ubuntu 11.04 and is port forwarded on port 80. It's local IP address is 129.168.1.5. The other is the application server which is running Ubuntu 11.10. They are both connected to the same router. I want all web access to the application server to be through the web server. Presently,the only file I have on the web server is the index.php file. It calls a bunch of php files on the application server and these call executable files that are also on the application server. index.php has menu items that allow the user to click buttons to bring up the pages associated with the php files on the app. server.

    I set up my firewall on the app. server using

    Code:
    
    sudo ufw enable
    sudo ufw allow from  129.168.1.5
    Things wok fine if I am working from the web server PC but not when I try to access my web site from another computer. I can access the home page (index.php) but when I click on one of the buttons associated with the php files on the app. server, I am blocked. I guess this means that my current set up only allows the output of the pages on the app. server to be displayed only on the web server and not to the outside world.

    I would like anyone to be able to view all of the pages and use their functionality. However I do not want hackers to be able to access and reverse engineer my executables. What would be the best solution? Do I need to have all of my php files on the web server and only the executables that they call on the application server or can I set the firewall up to allow the output of php files on the application server to the displayed to the outside world without hackers being able to access the files on the app. server?

    Many thanks in advance for any help,
    Peter.

  2. #2
    I'm not sure exactly what it is you are doing. But I'll throw out my thoughts on how you might go about it.

    To access web pages, you'll need to be able to access the root documents folder... usually HTMLdocs or wwwdata. The root folder is where your index.html (or index.php) page should reside. Then if you are re-directing users to different pages which are your second layer, then they'll need to be in a sub-folder of the root folder. Which means you have to mount the hard drive partition onto an existing sub-directory. I've never used Network File Systems (NFS) before, but if it's mountable, then it's like a hard drive but in a remote computer system and it will work.

    The index page you use, be sure not to show in the URL where the browser is being re-directed.

    Also... I'm sure running your database software in a different machine is fine... you have the ability to reference the IP address for your MySQL, PostGreSQL or SQLlite data. Server applications on a remote machine makes much sense. That will protect it from being accessed via the web/ftp services.

    The only other worry you may need to consider is SQL injection.

Similar Threads

  1. Remotely control of layer 3 switch
    By roime in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 07-25-2007, 04:42 AM
  2. Burning a dual layer DVD
    By vwgtiturbo in forum Linux - Hardware, Networking & Security
    Replies: 3
    Last Post: 07-10-2006, 04:04 AM
  3. Web Hosting
    By cmoughan in forum Linux - General Topics
    Replies: 2
    Last Post: 11-07-2004, 07:02 PM
  4. web hosting
    By knight in forum General Chat
    Replies: 16
    Last Post: 02-11-2003, 04:58 AM
  5. web hosting
    By imported_Derango in forum General Chat
    Replies: 13
    Last Post: 12-01-2001, 09:18 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •