What is the best way to update a web server securely in a DMZ?
I think this could be done throught iptables/host.allow/hosts.deny to only allow a particular host to talk to that webserver.
Does anyone have any insight on the best way to keep a webserver secure in a DMZ while still being able to easily update it? Would a staging server running apache be good as the allowed host, so on this staging server it would be tested one last time and then sent on to the live server?
Would a recieve only cable be a good idea so the server on a seperate nic would have a cable where it could recieve only recieve the updated files and then implement them?
Does anyone know a good place to buy or intructions on making a recieve only cable?
Jim
(text/plain)