USG Flex700 vs Web Server (Synology)
Freshman Member
Hi all,
I have a Synology NAS behind Flex700 - it is part of the Intranet, where users store quite an amount of data on shared drive.
I am planning to run also company web server there - the web services (Apache, PHP, SQL etc etc) are built in features of Synology NAS DS218. So - to put it plainly - publicly accessible web pages will be in fact hosted on Synology which is behind Flex700.
So I am thinking like following:
- I will activate web server on Synology
- I will create a bridge of internal IP of Synology (192.168.1.x) to public IP
- I will restrict the traffic over that bridge just to www (via Policy Control)
Is this plan OK? Is it safe? And….is it even possible :) ?
Best regards,
Dusan
All Replies
-
Hi @NoE ,
If the web services need to public to Internet.
The FLEX firewall just control the access to the web service.
If there're vulnerabilities on the web application (web codes) itself.
That's the only potential risk and that FLEX cannot help.
To narrow the attack surface of your web services.
You need to well configure on the Apache access control.
To allow the admin console of your web application only from intranet.
ex.
location /phpmyadmin {
alias /usr/share/phpMyAdmin;
index index.php;
allow 192.168.1.0/24;
deny all;
}1
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 238 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
