http://qs1969.pair.com?node_id=467727


in reply to verify form submission is from a specific place

xorl,

First off, are there any ports currently open, possibly TCP 80 and/or TCP 443? If they are open you could use LWP::UserAgent to access a page on your intranet server. The page on the intranet server would handle the AD testing and return a yes/no answer. You could then parse the output on the DMZ server for confirmation.

If there are not any ports open, you could set up a host-to-host rule on the firewall (even though you said you wanted to avoid this), where inbound traffic is only permitted from the DMZ server address to the intranet server address. A rule like this is safer than just opening up the port to any internet host.

Hope this helps.
Greg W
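
A sketch of the DMZ-side check described in the post above, added here as an example and not part of the original post. The endpoint URL, the `user`/`pass` field names and the exact "yes"/"no" body are assumptions; the point shown is that the parser fails closed, so anything other than a clean "yes" is treated as a denial.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Response;

# Hypothetical intranet page that runs the AD test and answers "yes" or "no".
my $CHECK_URL = 'https://intranet.example.internal/adcheck';

# Fail closed: only HTTP 200 with a body that is exactly "yes" is accepted.
# Timeouts, redirects, error pages and bodies that merely contain "yes" are denied.
sub verdict_from_response {
    my ($resp) = @_;
    return 0 unless $resp && $resp->code == 200;
    my $body = $resp->decoded_content;
    return 0 unless defined $body;
    $body =~ s/\A\s+|\s+\z//g;    # tolerate surrounding whitespace only
    return $body eq 'yes' ? 1 : 0;
}

# DMZ side: send the submitted credentials to the intranet page over HTTPS.
sub ad_check {
    my ($user, $pass) = @_;
    my $ua = LWP::UserAgent->new(
        timeout           => 10,
        max_redirect      => 0,                         # never follow redirects
        protocols_allowed => ['https'],                 # refuse plain HTTP
        ssl_opts          => { verify_hostname => 1 },  # check the server certificate
    );
    my $resp = $ua->post($CHECK_URL, { user => $user, pass => $pass });
    return verdict_from_response($resp);
}

# Constructed responses (not real traffic) to exercise the parser offline.
my @samples = (
    [ 'clean yes'        => HTTP::Response->new(200, 'OK', [ 'Content-Type' => 'text/plain' ], "yes\n") ],
    [ 'clean no'         => HTTP::Response->new(200, 'OK', [ 'Content-Type' => 'text/plain' ], "no\n") ],
    [ 'yes in error 500' => HTTP::Response->new(500, 'Internal Server Error', [], "yes") ],
    [ 'yes inside text'  => HTTP::Response->new(200, 'OK', [ 'Content-Type' => 'text/plain' ], "yesterday's cache") ],
    [ 'redirect'         => HTTP::Response->new(302, 'Found', [ Location => 'https://elsewhere.example/' ], '') ],
);
for my $s (@samples) {
    printf "%-18s => %s\n", $s->[0], verdict_from_response($s->[1]) ? 'allow' : 'deny';
}
```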

Re^2: verify form submission is from a specific place
by xorl (Deacon) on Jun 17, 2005 at 14:29 UTC
    No, you currently cannot have the webserver request a page from the intranet server. I did suggest something like this. I wasn't shot down exactly, but was told they wanted other options.
      xorl,

      I don't really see much of a solution, considering your current level of resources. As a very last possible resort you could have the DMZ server email the requests to an account on the Intranet server for processing (which is a whole different security concern), then the intranet server could post the results to a form on the DMZ server. This would REALLY slow the process down, but I believe it to be at least an option if there are not any others.

      Thanks,
      Greg W.