[FX.php List]One FMP DB Multiple Web Servers
Steve Winter
steve at bluecrocodile.co.nz
Thu Oct 11 15:46:55 MDT 2007
Hi Dale,
Ummm... yip, that’s what I was suggesting...
>From what I understand of the situation there is currently one server which
has the web server software and filemaker running on it, all of which is
behind a firewall. So effectively that machine is the web server and the
FMS... what I’m suggesting is placing a second web server, outside the
firewall, creating a tunnel through the firewall to the web/FM server on the
inside...
Did I miss something...??
Cheers
Steve
_____
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Dale Bengston
Sent: Thursday, 11 October 2007 3:59 p.m.
To: FX.php Discussion List
Subject: Re: [FX.php List]One FMP DB Multiple Web Servers
Right-o, Steve. If I were to duplicate something, it would be on the web
server end, not the FileMaker end.
Dale
On Oct 11, 2007, at 9:50 AM, Steve Winter wrote:
Hi Dale,
That’s correct, as far as FileMaker is concerned it will actually be the
existing web server that is requesting data, it would go something like
this;
Client request received by outside server on port 80
FX on outside server asks firewall for data on port 23582
Firewall says ‘I know the IP of the connecting computer, I like that IP, I
know that port, I know what to do with that port’
Firewall redirects the traffic from the outside server to port 80 on the
inside server
Inside server performs the FMP query, just as if the request had come from
FX on the inside server, and passes the data back...
Thus yes, the majority of the configuration in this instance is on the
firewall...
This option does of course require purchasing a new server... the more cost
effective, though (marginally) riskier solution is to open port 80 in your
firewall and pass all requests to its external IP address through to the
internal server..
Cheers
Steve
_____
From: fx.php_list-bounces at mail.iviking.org [HYPERLINK
"mailto:fx.php_list-bounces at mail.iviking.org"mailto:fx.php_list-bounces at mail
.iviking.org] On Behalf Of HYPERLINK
"mailto:gerry.charest at agfa.com"gerry.charest at agfa.com
Sent: Thursday, 11 October 2007 12:28 p.m.
To: FX.php Discussion List
Subject: RE: [FX.php List]One FMP DB Multiple Web Servers
Thanks for the recommendations Steve,
So If I understand Idea # 2 properly from FMP's perspective all the traffic
is coming through the webserver inside the firewall. This internal web
server is passing request results to the external server. The bulk of the
setup appears to be at the firewall where the redirect occurs.
<image001.gif>
">"Steve Winter" <HYPERLINK
"mailto:steve at bluecrocodile.co.nz"steve at bluecrocodile.co.nz>
"Steve Winter" <HYPERLINK
"mailto:steve at bluecrocodile.co.nz"steve at bluecrocodile.co.nz>
Sent by: HYPERLINK
"mailto:fx.php_list-bounces at mail.iviking.org"fx.php_list-bounces at mail.ivikin
g.org
10/10/2007 08:32 AM
Please respond to
"FX.php Discussion List" <HYPERLINK
"mailto:fx.php_list at mail.iviking.org"fx.php_list at mail.iviking.org>
<image004.gif>
To
<image005.gif>
"'FX.php Discussion List'" <HYPERLINK
"mailto:fx.php_list at mail.iviking.org"fx.php_list at mail.iviking.org>
<image004.gif>
cc
<image005.gif>
<image004.gif>
Subject
<image005.gif>
RE: [FX.php List]One FMP DB Multiple Web Servers
<image005.gif>
<image005.gif>
Hi Gerry,
A few (other) ideas;
1. you could leave everything exactly how it is and create a static route on
your firewall which redirects any requests to the external IP of the
firewall on port 80 to the static IP address, port 80, of the current web
server. Quick and simple, does however expose that machine to potential
attacks from the outside world...
2. get a new server, put the OS (Win, OSX, Linux) and webServer (IIS,
apache) of your choice on it and put it on the outside of the firewall, open
a port in the firewall at some really random port, 23582 for want of a
better number ;-) tell the firewall to only accept requests from the static
IP of the external server on that port and to route those requests to the
static IP of the current web server on port 80 on the inside of the
firewall. Then put the php files of your solution on the outside box, and in
the server configuration for FX.php tell it that the filemaker server is at
the IP of the outside of the firewall and on port 23582...
In response to your actual suggestions
1. Can I support both internal and external web access from one FMP Server?
Yes you can, this is essentially what my suggestion one is doing...
2. Should I connect to one data source or replicate the database outside the
firewall?
Replication of the whole system sounds like a lot of hard work, and a
maintenance hassle that I think can be avoided...
3. Should I implement an external only solution and have all users hit the
external site?
That would be a viable option, it does however expose your server to greater
risks than leaving it behind the firewall, as then it’s a potential target
on all ports, rather than just the ones you open in the firewall.
If I were doing this, and I could afford another server, with its own static
IP, then I’d go with my option 2 above, since that way only that box is
‘vulnerable’ since even if a full port scan was conducted on the firewall,
and someone found that the port you’d opened was open, then the firewall
would deny all access unless it came from the correct address... (and yes, I
know IP addresses can be spoofed, but let’s get real... chances are slim and
unless you really annoyed someone ;-)
Hope this helps...
Cheers
Steve
_____
From: HYPERLINK
"mailto:fx.php_list-bounces at mail.iviking.org"fx.php_list-bounces at mail.ivikin
g.org [HYPERLINK
"mailto:fx.php_list-bounces at mail.iviking.org"mailto:fx.php_list-bounces at mail
.iviking.org] On Behalf Of HYPERLINK
"mailto:gerry.charest at agfa.com"gerry.charest at agfa.com
Sent: Wednesday, 10 October 2007 12:05 p.m.
To: FX.php Discussion List
Subject: [FX.php List]One FMP DB Multiple Web Servers
Hi all,
I'm trying to come to grips with an implementation strategy and could use
your recommendations before I get started. I have a document management
system based on FMP8 w/FX PHP Windows IIS (will be moving to 9 at some
point). The solution is for internal users behind a firewall. We would like
to extend the functionality to support external users moving access outside
the firewall.
1. Can I support both internal and external web access from one FMP Server?
2. Should I connect to one data source or replicate the database outside the
firewall?
3. Should I implement an external only solution and have all users hit the
external site?
Any other input, suggestions, pitfalls, etc. are most welcome.
Best regards
Gerry Charest
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.6/1060 - Release Date: 9/10/2007
4:43 p.m.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.6/1060 - Release Date: 9/10/2007
4:43 p.m._______________________________________________
FX.php_List mailing list
HYPERLINK "mailto:FX.php_List at mail.iviking.org"FX.php_List at mail.iviking.org
HYPERLINK
"http://www.iviking.org/mailman/listinfo/fx.php_list"http://www.iviking.org/
mailman/listinfo/fx.php_list
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.7/1062 - Release Date: 10/10/2007
5:11 p.m.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.7/1062 - Release Date: 10/10/2007
5:11 p.m.
<image001.gif>
<image004.gif>
<image005.gif>
_______________________________________________
FX.php_List mailing list
HYPERLINK "mailto:FX.php_List at mail.iviking.org"FX.php_List at mail.iviking.org
HYPERLINK
"http://www.iviking.org/mailman/listinfo/fx.php_list"http://www.iviking.org/
mailman/listinfo/fx.php_list
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.7/1062 - Release Date: 10/10/2007
5:11 p.m.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.14.7/1062 - Release Date: 10/10/2007
5:11 p.m.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20071011/c2ea5462/attachment-0001.html
More information about the FX.php_List
mailing list