D-Link DFL-2500 User Guide - Page 147
A Web Server in DMZ
View all D-Link DFL-2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 147 highlights
128 Chapter 16. DMZ & Port Forwarding Example: A corporation's Web server We take a look at a simple example, showing one utilization of DMZ with a D-Link firewall. The most common publicly available service that every corporation need to have is Web browsing(HTTP). However, it is unsafe to place a Web server inside the internal network together with other private computers, because such server can easily be exploited in a harmful way by intruders. When the server falls into the control of a wrong hand, other private computers will be vulnerable to attacks. Therefore, such service should be located in a separate network area - DMZ. Figure 16.1: A Web Server in DMZ In this example, we have a D-Link firewall connecting a private LAN, a DMZ subnetwork, and the Internet, shown in Figure 16.1. The firewall takes charge of a) all the connections from the Internet to the DMZ; b) necessary connections from the DMZ to the private LAN. The Web sever is placed in the DMZ. Requests to Web browsing service go through the firewall, and are forwarded to the Web server. We can define Rules that let the server in the DMZ accepts only certain types of service requests, HTTP-based requests in this case, to protect the D-Link Firewalls User's Guide