USG Flex700 vs Web Server (Synology)
Hi all,
I have a Synology NAS behind Flex700 - it is part of the Intranet, where users store quite an amount of data on shared drive.
I am planning to run also company web server there - the web services (Apache, PHP, SQL etc etc) are built in features of Synology NAS DS218. So - to put it plainly - publicly accessible web pages will be in fact hosted on Synology which is behind Flex700.
So I am thinking like following:
- I will activate web server on Synology
- I will create a bridge of internal IP of Synology (192.168.1.x) to public IP
- I will restrict the traffic over that bridge just to www (via Policy Control)
Is this plan OK? Is it safe? And….is it even possible :) ?
Best regards,
Dusan
All Replies
-
Hi @NoE ,
If the web services need to public to Internet.
The FLEX firewall just control the access to the web service.
If there're vulnerabilities on the web application (web codes) itself.
That's the only potential risk and that FLEX cannot help.
To narrow the attack surface of your web services.
You need to well configure on the Apache access control.
To allow the admin console of your web application only from intranet.
ex.
location /phpmyadmin {
alias /usr/share/phpMyAdmin;
index index.php;
allow 192.168.1.0/24;
deny all;
}1
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight