[THIN] Re: Running Secured web server and CSG on same host
- From: Joe Shonk <joe.shonk@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 15 Feb 2006 07:23:50 -0700
Rick is right.. All external traffic is encrypted (even WI which would be
on port 80). Why? Because the CSG service is proxying the WI requests.
See, WI is not exposed (unless you open port 80 on the firewall)
Only 1 ip and 1 ssl cert is required for a modern WI/CSG implementation.
Joe
On 2/15/06, Berny Stapleton <berny.stapleton@xxxxxxxxxx> wrote:
>
> Rick,
>
> This is externally facing, I wanted to encrypt traffic to the web server
> given that passwords are being transferred.
>
> You are right, I should have thought about that a bit harder. At the
> moment we are running two IP addresses and I was aiming to replicate that
> config.
>
> Berny
>
> ------------------------------
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Rick Mack
> *Sent:* 15 February 2006 12:37
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* RE: [THIN] Running Secured web server and CSG on same host
>
> Hi Berny,
>
> Why make life more complicated than it has to be?
>
> Let CSG have port 443 and redirect CSG to WI/Nfuse on the same box on port
> 80. Set your IP filtering to accept a connection on port 80 from itself only
> and you can forget about using SSL for WI/Nfuse.
>
> regards,
>
> Rick
>
> Ulrich Mack
> Volante Systems
> Level 2, 30 Little Cribb Street
> Coronation Drive Office Park
> Milton Qld 4064
> tel: +61 7 32431847
> fax: +61 7 32431992
> rick.mack@xxxxxxxxxxxxxx
>
> ------------------------------
> *From:* thin-bounce@xxxxxxxxxxxxx on behalf of Berny Stapleton
> *Sent:* Wed 15/02/2006 21:32
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Running Secured web server and CSG on same host
>
> Heya all,
>
> What's the best way to go about this?
>
> I have NFuse setup with a certificate, and that therefore wants to answer
> on TCP/443, and CSG also defaults to TCP/443.
>
> I am wondering whether it's possible to have an ISAPI DLL or something
> loaded to pass data to the CSG process?
>
> I was hoping to avoid binding a second IP to the box, anyone got any
> clues? Preferably not to run the processes on different ports.
>
> This box is going to be a backup box, so backup CSG, NFuse, Mail relay,
> proxy server. Essentially all things internet it's being setup for. I was
> hoping to get away with just giving it a single IP address and then just
> changing the NAT rules for whatever box dies. Although that's still possible
> with two IPs, I would have preferred to just use one.
>
> Thanks,
>
> Berny
>
> ______________________________________________________________________
> The contents of this transmission are confidential. If you are not the
> named addressee or if it has been addressed to you in error, please
> notify the sender immediately and then delete this message.
> Any unauthorised copying and transmission is forbidden. Electronic
> transmissions cannot be guaranteed to be secure. If verification is
> required, please contact the sender.
> ______________________________________________________________________
>
>
> #####################################################################################
>
> This e-mail, including all attachments, may be confidential or privileged.
> Confidentiality or privilege is not waived or lost because this e-mail has
> been sent to you in error. If you are not the intended recipient any use,
> disclosure or copying of this e-mail is prohibited. If you have received it
> in error please notify the sender immediately by reply e-mail and destroy
> all copies of this e-mail and any attachments. All liability for direct and
> indirect loss arising from this e-mail and any attachments is hereby
> disclaimed to the extent permitted by law.
>
>
> #####################################################################################
>
> ______________________________________________________________________
> The contents of this transmission are confidential. If you are not the
> named addressee or if it has been addressed to you in error, please
> notify the sender immediately and then delete this message.
> Any unauthorised copying and transmission is forbidden. Electronic
> transmissions cannot be guaranteed to be secure. If verification is
> required, please contact the sender.
> ______________________________________________________________________
>
Other related posts:
