Scenario
I have an application that I have been developing for two years. I use the framework .NET to develop it in a language called Oxygene that comes from Pascal. When I have something new in my code, I publish my application in File System method. I have a couple servers working on Amazon EC2, so I transfer this files to a folder in my IIS Server. In this IIS Server I already have a website that corresponds to my application, so I just replace the old files for the newest files. I have another server that works as an SQL server. Last detail is that in my application the user is able to attach files, import pictures, export PDF and Excel files. Attachments and pictures are stored in the same folder the application is located.
Issue
Here is my problem. I have got a new client that is kind of a big client. It seems like this company has a strong IT security, so the application must be located in their servers. The big problem is that they required my application to be set in the following architecture:
I am used to only use an app server (works for external access) and a SQL server. They want the third server in DMZ net so they can let external access happen. The reason the application can't be placed in the DMZ is because there are the files I mentioned bellow that the user stores in the application. The database stores all the data, but not those files mentioned.
Solutions I have offered, but won't be accepted:
Publishing the application in a IIS server located in the DMZ: That won't be accepted since my application stores user attachments in the same folder the application is located. There are also images stored there.
Publishing the application in the app server, but also publishing a empty application in the DMZ server redirecting to the IIS server inside the LAN: That's the best solution I have come up.
Using a reverse proxy to protect the LAN Net: This is off the table, since reverse proxy is not safe at all.
I am kind of confused because I can't see a way to separate my application in two to make it work in that suggested architecture.
Can anybody give me a hint or ideas of how this would work?
-
-
You can't "redirect" to inside the LAN, a redirect is a client-side operation, so if the internal server isn't already exposed, you can't redirect someone to it.
A reverse proxy is likely your best bet. Why do you believe it is not safe? This is a tried-and-true solution, it allows you to leave additional ports/services open to internal requests (like a file server, which it sounds like you are trying to expose).
How are these files getting uploaded? Are you using FTP? SMB? HTTP? This solution will not expose those other protocols to the outside world (please don't expose SMB to the outside, it will result in tragedy). Do the external users need to upload these files?