[FX.php List]One FMP DB Multiple Web Servers

Dale Bengston dbengston at preservationstudio.com
Thu Oct 11 08:59:14 MDT 2007


Right-o, Steve. If I were to duplicate something, it would be on the  
web server end, not the FileMaker end.

Dale

On Oct 11, 2007, at 9:50 AM, Steve Winter wrote:

> Hi Dale,
>
>
>
> That’s correct, as far as FileMaker is concerned it will actually  
> be the existing web server that is requesting data, it would go  
> something like this;
>
>
>
> Client request received by outside server on port 80
>
>
>
> FX on outside server asks firewall for data on port 23582
>
>
>
> Firewall says ‘I know the IP of the connecting computer, I like  
> that IP, I know that port, I know what to do with that port’
>
>
>
> Firewall redirects the traffic from the outside server to port 80  
> on the inside server
>
>
>
> Inside server performs the FMP query, just as if the request had  
> come from FX on the inside server, and passes the data back...
>
>
>
> Thus yes, the majority of the configuration in this instance is on  
> the firewall...
>
>
>
> This option does of course require purchasing a new server... the  
> more cost effective, though (marginally) riskier solution is to  
> open port 80 in your firewall and pass all requests to its external  
> IP address through to the internal server..
>
>
>
> Cheers
>
> Steve
>
>
>
>
>
> From: fx.php_list-bounces at mail.iviking.org [mailto:fx.php_list- 
> bounces at mail.iviking.org] On Behalf Of gerry.charest at agfa.com
> Sent: Thursday, 11 October 2007 12:28 p.m.
> To: FX.php Discussion List
> Subject: RE: [FX.php List]One FMP DB Multiple Web Servers
>
>
>
> Thanks for the recommendations Steve,
>
> So If I understand Idea # 2 properly from FMP's perspective all the  
> traffic is coming through the webserver inside the firewall. This  
> internal web server is passing request results to the external  
> server. The bulk of the setup appears to be at the firewall where  
> the redirect occurs.
>
>
> <image001.gif>
> ">"Steve Winter" <steve at bluecrocodile.co.nz>
>
>
> "Steve Winter" <steve at bluecrocodile.co.nz>
> Sent by: fx.php_list-bounces at mail.iviking.org
>
> 10/10/2007 08:32 AM
>
> Please respond to
> "FX.php Discussion List" <fx.php_list at mail.iviking.org>
>
>
> <image004.gif>
>
> To
>
> <image005.gif>
>
> "'FX.php Discussion List'" <fx.php_list at mail.iviking.org>
>
> <image004.gif>
>
> cc
>
> <image005.gif>
>
> <image004.gif>
>
> Subject
>
> <image005.gif>
>
> RE: [FX.php List]One FMP DB Multiple Web Servers
>
>
>
> <image005.gif>
>
> <image005.gif>
>
>
>
> Hi Gerry,
>
> A few (other) ideas;
>
> 1. you could leave everything exactly how it is and create a static  
> route on your firewall which redirects any requests to the external  
> IP of the firewall on port 80 to the static IP address, port 80, of  
> the current web server. Quick and simple, does however expose that  
> machine to potential attacks from the outside world...
> 2. get a new server, put the OS (Win, OSX, Linux) and webServer  
> (IIS, apache) of your choice on it and put it on the outside of the  
> firewall, open a port in the firewall at some really random port,  
> 23582 for want of a better number ;-) tell the firewall to only  
> accept requests from the static IP of the external server on that  
> port and to route those requests to the static IP of the current  
> web server on port 80 on the inside of the firewall. Then put the  
> php files of your solution on the outside box, and in the server  
> configuration for FX.php tell it that the filemaker server is at  
> the IP of the outside of the firewall and on port 23582...
>
>
> In response to your actual suggestions
> 1. Can I support both internal and external web access from one FMP  
> Server?
> Yes you can, this is essentially what my suggestion one is doing...
> 2. Should I connect to one data source or replicate the database  
> outside the firewall?
> Replication of the whole system sounds like a lot of hard work, and  
> a maintenance hassle that I think can be avoided...
> 3. Should I implement an external only solution and have all users  
> hit the external site?
> That would be a viable option, it does however expose your server  
> to greater risks than leaving it behind the firewall, as then it’s  
> a potential target on all ports, rather than just the ones you open  
> in the firewall.
>
> If I were doing this, and I could afford another server, with its  
> own static IP, then I’d go with my option 2 above, since that way  
> only that box is ‘vulnerable’ since even if a full port scan was  
> conducted on the firewall, and someone found that the port you’d  
> opened was open, then the firewall would deny all access unless it  
> came from the correct address... (and yes, I know IP addresses can  
> be spoofed, but let’s get real... chances are slim and unless you  
> really annoyed someone ;-)
>
> Hope this helps...
>
> Cheers
> Steve
>
> From: fx.php_list-bounces at mail.iviking.org [mailto:fx.php_list- 
> bounces at mail.iviking.org] On Behalf Of gerry.charest at agfa.com
> Sent: Wednesday, 10 October 2007 12:05 p.m.
> To: FX.php Discussion List
> Subject: [FX.php List]One FMP DB Multiple Web Servers
>
> Hi all,
>
> I'm trying to come to grips with an implementation strategy and  
> could use your recommendations before I get started. I have a  
> document management system based on FMP8 w/FX PHP Windows IIS (will  
> be moving to 9 at some point). The solution is for internal users  
> behind a firewall. We would like to extend the functionality to  
> support external users moving access outside the firewall.
>
> 1. Can I support both internal and external web access from one FMP  
> Server?
> 2. Should I connect to one data source or replicate the database  
> outside the firewall?
> 3. Should I implement an external only solution and have all users  
> hit the external site?
>
> Any other input, suggestions, pitfalls, etc. are most welcome.
>
> Best regards
> Gerry Charest
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.6/1060 - Release Date:  
> 9/10/2007 4:43 p.m.
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.6/1060 - Release Date:  
> 9/10/2007 4:43 p.m._______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.7/1062 - Release Date:  
> 10/10/2007 5:11 p.m.
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.7/1062 - Release Date:  
> 10/10/2007 5:11 p.m.
>
>
> <image001.gif>
> <image004.gif>
> <image005.gif>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20071011/3b5449c2/attachment-0001.html


More information about the FX.php_List mailing list