In article <9504041213 .
Dr. Frederick B. Cohen <fc @
>Does anyone have a firewall that will protect users from poorly
>configured http deamons without preventing authorized use? For example,
You mean, a poorly configured http daemon on the private network?
Put it on the DMZ, or on a service network. (A third network that is
behind the firewall, but still can't access the private network. It
might be behind a filtering router, but in front of the firewall, or
it might be on a third interface of a firewall)
Why not just secure the httpd daemon itself. Wouldn't that be the
best solution? The firewall administrator had better know about any
services being provided on internal machines.
:!mcr!: | <A HREF="http://www.milkyway.com/">Milkyway Networks Corporation</A>
Michael Richardson | Makers of the Black Hole firewall
NCF: aa714 || xx714 | +1 613 566-4574 ... mcr @
Home: <A HREF="http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio.html">mcr @
ca</A>. PGP key available.