[FX.php List]One FMP DB Multiple Web Servers

Wed Oct 10 06:32:42 MDT 2007

Hi Gerry,

A few (other) ideas;

1.	you could leave everything exactly how it is and create a static
route on your firewall which redirects any requests to the external IP of
the firewall on port 80 to the static IP address, port 80, of the current
web server. Quick and simple, does however expose that machine to potential
attacks from the outside world...
2.	get a new server, put the OS (Win, OSX, Linux) and webServer (IIS,
apache) of your choice on it and put it on the outside of the firewall, open
a port in the firewall at some really random port, 23582 for want of a
better number ;-) tell the firewall to only accept requests from the static
IP of the external server on that port and to route those requests to the
static IP of the current web server on port 80 on the inside of the
firewall. Then put the php files of your solution on the outside box, and in
the server configuration for FX.php tell it that the filemaker server is at
the IP of the outside of the firewall and on port 23582...

In response to your actual suggestions

1. Can I support both internal and external web access from one FMP Server?

Yes you can, this is essentially what my suggestion one is doing...
2. Should I connect to one data source or replicate the database outside the
firewall?

Replication of the whole system sounds like a lot of hard work, and a
maintenance hassle that I think can be avoided...
3. Should I implement an external only solution and have all users hit the
external site?

That would be a viable option, it does however expose your server to greater
risks than leaving it behind the firewall, as then it’s a potential target
on all ports, rather than just the ones you open in the firewall.

If I were doing this, and I could afford another server, with its own static
IP, then I’d go with my option 2 above, since that way only that box is
‘vulnerable’ since even if a full port scan was conducted on the firewall,
and someone found that the port you’d opened was open, then the firewall
would deny all access unless it came from the correct address... (and yes, I
know IP addresses can be spoofed, but let’s get real... chances are slim and
unless you really annoyed someone ;-)

Hope this helps...

Cheers

Steve

   _____  

From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of
gerry.charest at agfa.com
Sent: Wednesday, 10 October 2007 12:05 p.m.
To: FX.php Discussion List
Subject: [FX.php List]One FMP DB Multiple Web Servers

Hi all,

I'm trying to come to grips with an implementation strategy and could use
your recommendations before I get started. I have a document management
system based on FMP8 w/FX PHP Windows IIS (will be moving to 9 at some
point). The solution is for internal users behind a firewall. We would like
to extend the functionality to support external users moving access outside
the firewall. 

1. Can I support both internal and external web access from one FMP Server?
2. Should I connect to one data source or replicate the database outside the
firewall?
3. Should I implement an external only solution and have all users hit the
external site?

Any other input, suggestions, pitfalls, etc. are most welcome.

Best regards
Gerry Charest

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.6/1060 - Release Date: 9/10/2007
4:43 p.m.

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.488 / Virus Database: 269.14.6/1060 - Release Date: 9/10/2007
4:43 p.m.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20071010/4cc695e0/attachment.html