where to put a (web) proxy server "tree leafs" <treeleafs[ at ]hotmail.com> 12/22/2008 11:15:22 AM Hi, is there a general rule for the locaion of a (web) proxy server? Normally, we put the proxy server in LAN and configure a firewall rule to restrict the web traffic through the proxy server to clients within LAN. Some people want to put the proxy server in DMZ. Is this a good idea or bad? Hope to hear opinions from you guys. Thanks in dvance,

Re: where to put a (web) proxy server Meinolf Weber [MVP-DS] <meiweb(nospam)[ at ]gmx.de> 12/22/2008 11:30:37 AM Hello tree, Because it normally has direct access to the internet, i would use the DMZ for the proxy not the LAN. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm [Quoted Text] > Hi, > is there a general rule for the locaion of a (web) proxy server? > Normally, we put the proxy server in LAN and configure a firewall rule > to > restrict the web traffic through the proxy server to clients within > LAN. > Some people want to put the proxy server in DMZ. Is this a good idea > or bad? > Hope to hear opinions from you guys. > Thanks in dvance,

Re: where to put a (web) proxy server "Bill Kearney" <wkearney99[ at ]hotmail.com> 12/23/2008 1:24:43 PM [Quoted Text] > Because it normally has direct access to the internet, i would use the DMZ > for the proxy not the LAN. Why? If it's pulling web traffic, and the firewall is properly configured to allow it, why bother putting it on the DMZ? You only expose it to greater security risks by doing that. What's the bigger risk, the proxy being compromised while on the DMZ or internally? The former.

Re: where to put a (web) proxy server "Phillip Windell" <philwindell[ at ]hotmail.com> 12/24/2008 6:34:28 PM A Web Proxy is a caching device, not a security device (like a regular proxy-based firewall would be). Put it where ever you want,...it isn't all that relevant. But if you want it to perform access control based on user accounts then it is simpler to deal with sitting on the normal LAN where it can authenticate the accounts against the domain controller without as many hoops to jump through and without setting up a RADIUS server. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- "tree leafs" <treeleafs[ at ]hotmail.com> wrote in message news:eVn3SaCZJHA.2084[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > Hi, is there a general rule for the locaion of a (web) proxy server? > Normally, we put the proxy server in LAN and configure a firewall rule to > restrict the web traffic through the proxy server to clients within LAN. > Some people want to put the proxy server in DMZ. Is this a good idea or > bad? > Hope to hear opinions from you guys. > Thanks in dvance, >