I'm looking for firewalls specifically aimed at protecting
web servers.
I have a farm with web servers that I want to protect. No
intranet-stuff, users or authentication. Only public web
servers with anonymous access.
In essence, my machines today sit on a DMZ, with per host
security only. But I don't want to rely entirely on host
security because of scalability problems and bleeding edge
issues.
Because some are legacy systems, I can't use a bastion host
firewall, i.e. a firewall OS including special hardened HTTP
daemon.
Instead, I need a box sitting between my web servers and the
Internet router. This box should take care of known DoS
attacks aimed at web servers, provide packet filtering
specifically for WWW service, and have an application-level
gateway specifically designed for WWW service. (In my view,
there are many known issues with WWW service that an
application-level gateway could sophistically deal with.)
Any products?
In my opinion, this kind of firewall would be quite
different in design from normal firewalls, which usually seem
to be designed for protecting client machines and intranet
servers.
Here are some firewalls that protect web servers, but didn't
fit my needs. They may fit yours:
TIS's ForceField
http://www.tis.com/support/ffsupport/forcefield/noframes/ffguide/index.htm
Siemen Nixdorf's TrustedWeb
http://www.trustedweb.com
TIS's WebStalker Pro (ex-Haystack
Lab)http://www.tis.com/prodserv/stalkerproducts/webstalker/index.html
PORTUS WebGate
http://www.lsli.com/
--
magnus .
timmerby @
softnet .
se, 0457-71856, fax 0457-27481, pager 0740-541612
|
|
