Web Server Connector - want one web server

[Troy]

My setup is as follows: IIS with SSL & Web Server Connector on one server (A) and Filemaker Unlimited on another server (:. I've been able to get a Server A working with the Filemaker server (:. I've got my old Web folder files (Server : also on Server A.

The Problem : My organization doesn't want/allow any non-SSL web servers and that's what I get on Server B since Web Companion is turned on to get WSC to talk to Filemaker. How do I get rid of the non-SSL server?

[Garry Claridge]

Server B is secure if no access, other than Server A, is allowed. SSL only encrypts the traffic between trusted participants.

Other security tools and methods exist!

All the best.

Garry

[Troy]

But users still can put the IP address of Server B in their browser and get the web site.

[Garry Claridge]

Not if you "Filter" all IPs, other than Server A. You can also "Filter" all ports other than the FM port. Much more secure than SSL!

Is Server B also Windows? (You could use a simple OS X computer to achieve all of this.)

All the best.

Garry

[Troy]

Server B is Windows 2000 Professional

I've tried filters in the Security section of Web Companion, however I get access forbidden when I try the SSL web site and it's a CDML page.

[Garry Claridge]

I'm not sure if Win2kPro has any in-built "IP Filtering" or "Firewall" type of security.

All the best.

Garry

[Anatoli]

That is quite funny, IP is open to the world, no Firewalls, no DMZ and "My organization doesn't want/allow any non-SSL web servers and that's what I get on Server B since Web Companion is turned on to get WSC to talk to Filemaker. How do I get rid of the non-SSL server?"

It doesn't make much sense. You can use some firewall software, but such setup calls for real protection with dedicated HW firewall.

You could also set WC to talk only to A computer.

[Jeff Spall]

Hi, it's very common and a good idea to want the webserver publicly accessible but the database servers protected.

1 Put the database server behind your network firewall. Open up just the ports you need from the webserver address to the database server address ONLY. (if you want to cheat here, you can just use a desktop copy of FMP, 'cos all the calls will now come from one address). But I didn't recommend that.

2 Use second cards in the two computers and connect them direct to one another, then make your WSC calls through the second card. The FMP server won't then be accesible from the Internet at all, which could give you upload problems unless you've plugged your cards into the LAN, which administrators don't like as there's a possible, though small, risk of bypassing the firewall.

regards, jeff

[Will]

Windows 2000 does have built in IP filtering - read up on IPSec in the MS documentation. You could restrict by IP address (or traffic e.g., HTTP) using IP Sec rules between the two Windows 2000 computers. Additionally, although FM documentation advises against it due to "performance reasons," you can run IIS, Web Server Connector, and FileMaker Unlimited on the same server and that would be another way to solve your problem - I've been doing it that way on 2 different Windows 2000 servers for almost 2 years with no problems. Jeff also raises some good points in his post.