Jump to content


Photo
- - - - -

Proiv Webclient Server 2


3 replies to this topic

#1 bkemp

bkemp

    Newbie

  • Members
  • Pip
  • 2 posts
  • Gender:Male
  • Location:South Africa

Posted 17 November 2004 - 06:17 AM

We are trying to publish our PROIV application via the web using the Proiv Webclient Server 2. I have installed it on the same server that's running the Proiv Application and configured the service to run on port 4375. The PROIV application server is running ver 5.5 and the database is in SQL (also on the same server) Thus my web address internally would be http://grs14:4375/WebClient/index.xsp and it's working beautifully.

Our It guys have published that web address via NATS outside to http://196.13.163.7:...lient/index.xsp and they have opened the port 4375 on the routers going outside to the web. Yet no luck.....

What else do we need to do to get the service running? Open ports on firewalls ?

Many Thanks
Barry

#2 Donald Miller

Donald Miller

    ProIV Guru

  • Members
  • PipPipPipPipPip
  • 205 posts
  • Gender:Male
  • Location:Cupar, Fife, Scotland
  • Interests:Motorcycling, Running, Cooking

Posted 17 November 2004 - 07:03 AM

Hi Barry

Similar problems with remote access to my customers. They identified a problem with access because of one of their routers. They reckoned that the ADSL settings were correct but it couldn't handle Web Access without crashing. They allow access via a VPN connection which bypasses the firewall (but only to me). This may not be a solution for you but I hope the information helps.

I imagine that a lot of people are interested in a solution so I'm sure they'd appreciate you posting your findings on the site.

Thanks a lot.
Half of what he said meant something else, and the other half didn't mean anytthing at all

#3 TalentedFool

TalentedFool

    Member

  • Members
  • PipPip
  • 43 posts
  • Gender:Male

Posted 30 November 2004 - 11:58 AM

Our It guys have published that web address via NATS outside to http://196.13.163.7:...lient/index.xsp and they have opened the port 4375 on the routers going outside to the web. Yet no luck.....


I'd stop right there!!

If your web server is on the same server as your app server and DB server and you want to allow people access to this machine from the outside world then you're about to punch a hole right through your firewall/router for somebody to access that machine on port 4375. Port 4375 hasn't been define yet by an Internet RFC FAQ's which basically allows anybody to write a worm/trojan to use this port if it's open and gain access to your network. Slim chance I know but people do these things ...

The way you need to configure this is to place the web server in a secure DMZ and allow access to that machine only from the outside world on the standard http port 80 or even https and lock down that machine. Then you'll need to allow that machine access to your App server through your friewall/router on 4375 and since it's the app server that get's your data you can let that talk to your DB server and you don't need to worry about opening any ports for that. That way you minimise what's open to the public and what they can potentially get at.

Hope that helps some on how you should be configuring this.
Thanks

Lee

#4 Bob Filipiak

Bob Filipiak

    Expert

  • Members
  • PipPipPipPip
  • 133 posts
  • Gender:Male

Posted 30 November 2004 - 06:24 PM

Our It guys have published that web address via NATS outside to http://196.13.163.7:...lient/index.xsp and they have opened the port 4375 on the routers going outside to the web. Yet no luck.....


I'd stop right there!!

If your web server is on the same server as your app server and DB server and you want to allow people access to this machine from the outside world then you're about to punch a hole right through your firewall/router for somebody to access that machine on port 4375. Port 4375 hasn't been define yet by an Internet RFC FAQ's which basically allows anybody to write a worm/trojan to use this port if it's open and gain access to your network. Slim chance I know but people do these things ...

The way you need to configure this is to place the web server in a secure DMZ and allow access to that machine only from the outside world on the standard http port 80 or even https and lock down that machine. Then you'll need to allow that machine access to your App server through your friewall/router on 4375 and since it's the app server that get's your data you can let that talk to your DB server and you don't need to worry about opening any ports for that. That way you minimise what's open to the public and what they can potentially get at.

Hope that helps some on how you should be configuring this.

So, If I read you correctly, this setup will require two separate servers, one (the web server) which interfaces with the world; and (possibly) a separate App and DB server which is behind the fire wall. The hole in the firewall being port 4375 connecting the web and App servers.

Now, i understand why several more savvy web people strongly admonished me to get my web app off of my DB server.

Bob Filipiak



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users