On Mon, Mar 03, 2008 at 09:51:47AM +0100, Peter Teunissen wrote: > On Mon, March 3, 2008 06:56, NN_il_Confusionario wrote: > > perhaps a minimal and secure (or at lest much less complex and so safer > > than the portmap/nfsd deamons) web server on the machine hawing the > > files, plus a reverse proxy web server on the machine in the dmz (or a > > direct port forwarding on the router/firewall). > > I was thinking of using the reverse proxy setup. > How would portmapper/nfs be more vulnerable then apache2?
I was NOT talking about apache in the LAN. If you already need apache in the DMZ, then you can configure it to work also as reverse proxy. But in the LAN I would only put a minimal/secure web server: it only serves static files, with no ability for cgi/ssi/php/whatever, and runs as non root user chrooted in a directory where it can read files but not write or execute them. Debian has many such minimal web servers (and debian-devel is discusssing in these days whether there are already too many or conversely not sufficiently many). -- Chi usa software non libero avvelena anche te. Digli di smettere. Informatica=arsenico: minime dosi in rari casi patologici, altrimenti letale. Informatica=bomba: intelligente solo per gli stupidi che ci credono. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
