Great Circle Associates Firewalls
(September 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Queries on HTTP server and firewalls
From: kesavan . p . nair @ bangate1 . tek . com
Date: Tue, 3 Sep 96 15:39:52 IST
To: <firewalls-digest @ GreatCircle . com>, <firewalls @ GreatCircle . com> 
Hi,

Please go through the attachment enclosed and answer my queries

Regards
Kesavan P Nair
We are developing some Internet based secured application which 
should work across firewalls in a secured manner.I need some information
on firewalls and general structure of how HTTP server sits in terms
of firewall.

In the following diagrams I have shown 2 firewall scenarios which I
believe is the most common.I have put down my earlier queries here
once again.Please forward your comments

CASE A

                       +----------+                +-----+      
                       |          |                |SMTP |          +----+
  -----SMTP request--->|Firewall  |--------------->|Relay|-----|    |    |
                       |Gateway   |                |Host |     |--->|    |
                       |          |                +-----+          | A  |
                       |          |                +-----+     |--->|    |
  -----HTTP request--->|          |--------------->|HTTP |-----|    |    |
                       +----------+                |Host |          +----+
                                                   | to  |
                                                   |world| 
                                                   +-----+


CASE B

                       +----------+                +-----+      
                       |          |                |SMTP |          +----+
  -----SMTP request--->|Firewall  |--------------->|Relay|-----|    |    |
                       |Gateway   |                |Host |     |--->|    |
              +-----+  |          |                +-----+          | A  |
              |HTTP |  |          |                            |--->|    |
  --HTTP req->|Host |->|          |----------------------------|    |    |
              |to   |  +----------+                                 +----+
              |World|                                                           
              +-----+

Case A:
Http host to the world is inside , the firewall makes sure that HTTP 
requests from outside are acceptable only to "HTTP Host to World"

Case B:
Http host is outside the firewall.But the "HTTP Host to world" can access
the resources of A which is inside the firewall.

 In both the cases the SMTP request to host A will be fulfilled(by store 
and forward).In case of the HTTP request,I have shown the HTTP request being 
forwarded to A,please intrepret this as a request for resources from A by
HTTP host to answer the external HTTP HOST's request. 

 Iam sure that enough verification + authentication can be done by this HTTP 
host before fulfilling the external HTTP request(whenever there is a need for
resources from inside the network).
 
 My query is that how many of you out there has seen one of these setups
where the HTTP request from outside could be fulfilled with accessing A's
resources and what are your comments on the feasibilty of these setups
 
 Please forward your comments to kesavan .
 p .
 nair @
 tek .
 com
 
My address
Kesavan P Nair
Tektronix(India)Ltd
Tek Towers
Hayes Road
Bangalore - 25
India.

Tel +91 80 227 5577
Fax +91 80 227 5588
Indexed By Date Previous: Re: SecurID White Paper
From: Adam Shostack <adam @ homeport . org>
Next: RE: S/key & secureid
From: Jüri Kaljundi <jk @ stallion . ee>
Indexed By Thread Previous: Re: No toolz at cdm
From: runnerfx @ octet . com (Wearen Life)
Next: Re: Firewalls-Digest: Re: Firewall-1 Logs
From: sj @ bear . com (Shahryar Jahangir)
Google
 
Search Internet Search www.greatcircle.com