[ale] web server network

Joseph A Knapka jknapka at earthlink.net
Wed Feb 13 13:50:34 EST 2002


Stephen Turner wrote:
> 
> add the webserver to the list, it will be a 500 MHz
> 256 SDRAM pc, does this suffice?
> it will host anywhere
> from 1 to 4 web pages online. (this isn't one of my
> experiments) so what is the most stable, reliable,
> lightweight http server i can use?

LOL! Who cares? With that kind of firepower running it,
you'll never notice the difference. Just use Apache.
It's flexible, well-documented, reasonably easy to
configure, and reasonably secure. If you suspect you'll
ever want to use any kind of server-side dynamic
page creation, then I'd recommend starting with a
"real" WWW server rather than a toy one like Boa or
similar. You'll start with CGI, and for a while that'll
be enough, but then you'll start to hear the evil
whispers of "performance", and you'll want something
like mod_perl or mod_python.

> i understand there
> isn't a best but more like best for me so i ask for
> your input, i should limit the accessibility to the
> server to only physical access to change anything on
> it i know this for sure, should i do this on the
> server? or add a separate firewall? if i add this
> firewall should it be placed before the router? or
> after the router only limiting access to the server?
> also if i do add a separate firewall, what's a cheap,
> tiny, good firewall product?

Just get another LinkSys. They do a fine job of
firewalling on a home net. Just make sure you have
"Block LAN Request" enabled in the "Advanced->Filters"
page on both routers. Unless you have another
old PC lying around, in which case install Linux/iptables
or OpenBSD/IPFilter. It's not worth throwing money at
a new PC of any description just to be a firewall on
a home LAN.

You'll have to forward HTTP (and HTTPS?) traffic from
the outermost router to the web server. You seem to be
aware of some of the security risks that entails,
but just let me recommend that you use a DMZ arrangement
like (set phasers to "Fixed-width font"):

Cable---LinkSys1---+---LinkSys2---+---+---+--...
                   |              |   |   |
                 WebServer    LanBox1 |   |
                                      |   |
                                LanBox2   LanBox3


> aka, a certain desktop
> pc, laptop, small box designed for it, whatever? i am
> wondering what you gurus would suggest by personal
> opinion? the only drawback is the pcs run random
> software which can change at the drop of a hat and i
> would never know so limiting access to specific ports
> may not be good for all the household pcs. video games
> internet chat programs etc. anyways what's everyone's input?

The LinkSys boxes seem to provide fairly flexible
port allow/deny and triggering, so you probably won't
have any trouble. But I'm not much into on-line
gaming and that kind of thing, so YMMV.

Cheers,

-- Joe
"I should like to close this book by sticking out any part of my neck
 which is not yet exposed, and making a few predictions about how the
 problem of quantum gravity will in the end be solved."
 --- Physicist Lee Smolin, "Three Roads to Quantum Gravity"

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
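
The DMZ arrangement in the message above, for the case it mentions where an old PC running Linux/iptables stands in for a LinkSys box. This is an added example, not part of the original message; the interface names and web server address are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example: iptables-restore rulesets for the two firewall positions in the
# DMZ diagram. Interface names and addresses are assumptions, not from the post.
# Usage (as root): inner_rules eth0 eth1 | iptables-restore --test

filter_head() {   # default-deny policy shared by both boxes; no services offered
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Outer box (LinkSys1 position). $1=WAN iface  $2=DMZ iface  $3=web server IP
# Only HTTP is forwarded in; add a matching pair of rules for 443 if HTTPS is served.
outer_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $1 -p tcp --dport 80 -j DNAT --to-destination $3:80
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
EOF
    filter_head
    cat <<EOF
-A FORWARD -i $1 -o $2 -p tcp -d $3 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $2 -o $1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Inner box (LinkSys2 position). $1=DMZ-side iface  $2=LAN iface
# LAN hosts may open connections outward; nothing on the DMZ side may open one inward.
inner_rules() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
EOF
    filter_head
    cat <<EOF
-A FORWARD -i $2 -o $1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

The inner ruleset has no rule that accepts new connections arriving on the DMZ-side interface, which is the iptables counterpart of the "Block LAN Request" setting on the second router.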





