Chapter 5 - Defense Plan 4: Advanced Server Publishing

Abstract

This chapter discusses a number of ways to use Web and server publishing rules. Both Web and server publishing rules allow making resources on the internal network available to clients on the Internet. They can be used to publish resources on the internal network, on a traditional DMZ, or on a private address LAT-based DMZ segment. Server pub Web and server publishing rules allow one to publish almost any protocol that is the primary advantage of server publishing over Web publishing. The server-publishing rule essentially performs a reverse NAT function. An important consideration when implementing server publishing rules is that one need to avoid port contention on the external interface. These rules are also used to publish Websites. The most common reason for doing this is that the original client's IP address appears in the Web server's log files. Web publishing rules allow publishing Web and FTP sites. These rules are handled by the Web Proxy service. The Web Proxy service is able to examine the application-layer data and make decisions on how to handle requests based on information, such as the destination URL. Web publishing rules also allow performing port and protocol redirection. Protocol redirection allows bridging HTTP requests as SSL or FTP requests.