I'd have to second Ryan's comment.
A public web server should be in the DMZ, possibly protected by its own
You'd be suprised at what major corporations have their public web sites
on the wrong side.
> -----Original Message-----
> From: Ryan Russell [SMTP:ryanr @
> Sent: Thursday, March 05, 1998 1:35 PM
> To: dave kaas
> Cc: firewalls @
> Subject: Re: SSL through a firewall
> Don't EVER, EVER, EVER allow Internet
> access to a web server that isn't on
> a DMZ. The SSL issue is superfluous. The
> fact that they would ask for that shows that
> they haven't clue one about security, and will
> be coding many CGI holes awaiting exploitation,
> and from there, attack of your internal machines.
> Of course, that's just my opinion.