Skip to main content

Converting Two-to-Three Tier more Secure Architecture on Windows Servers

 

Windows 2-3 Tier Architecture Conversion

Here is how we can convert your asp.net or any other IIS server hosted web application from DB and APP layer to DB, APP and Web Layer using Oracle Corporation's Oracle HTTP Server (OHS).


Introduction

If you have been working with IIS based applications wherein you host your website/multiple web applications in the same website on IIS and want to make it more secure by adding a third layer for the web. The solution is pretty much directly available over the plate from this page. 


Process

There is no need to create a Web Portal containing only wrapper calls to the APP server where all your business logic lies in the form of API based application. You can create a robust application with direct DB calls hosted on the APP server and then showcase the same application without any coding expertise to a Web Layer. And then every end user will be using the web interface only without any direct access to the App Layer making it shielded by your web layer.


What makes it more secure is that you can change the communication ports between the WEB and APP layer to some non-standard port service number which will again make it difficult to directly access the APP/DB layer from the Web Layer.


Step wise Step activities!

So, how do we make it possible. You may follow the given below steps for the same:

Step 1. You host your IIS based Application over the APP layer. How do you do it. 

You create a Folder on your APP server. Put down the published ASP.NET, ASP.NET MVC or PHP or any application hostable on IIS there. Then you go to INETMGR (IIS Manager Application on your windows server) and Create a Website for e.g. AppLayer

This AppLayer website's virtual path on the IIS server will be / (root).

Then you host your web application within this AppLayer website by create multiple child folders as in picture below where your actual WebApplication/APIs lies:





 


Step 2. You need to Install OHS on a Web Layer Server. The installation guide and the latest installation setup is available from the Oracle Official Site as Oracle Web Tier - Downloads.


Step 3. After you install the OHS, move to the OHS instance folder i.e. ohs1 and then modify the mod_wl_ohs.conf file in any text editor which is located in below location:

DOMAIN_HOME/config/fmwconfig/components/OHS/instances/componentName

<Location /MyApps>
  WLSRequest On
  WebLogicCluster 10.X.X.X:8001 #My Web App Server Internal Pat
  WLProxySSL On
  WLProxySSLPassThrough ON
  #DefaultFileName index.jsp
</Location>


Step 4. Now from your Web Layer, access the website 10.x.x.x:8001 as

First Web Portal as

https://webLayer.in/MyApps/WebApp1

and 

Second Web Portal as 

https://webLayer.in/MyApps/WebApp2


P.S. https://webLayer.in is the domain name for the OHS(Web Layer Server)

Labels:

Comments

Post a Comment

Provide your valuable feedback, we would love to hear from you!! Follow our WhatsApp Channel at
https://whatsapp.com/channel/0029VaKapP65a23urLOUs40y

Popular posts from this blog

Working with OAuth Tokens in .NET Framework 4.8

  Working with OAuth Tokens in .NET Framework 4.8 OAuth (Open Authorization) is a widely used protocol for token-based authentication and authorization. If you're working with .NET Framework 4.8 and need to integrate OAuth authentication, this guide will walk you through the process of obtaining and using an OAuth token to make secure API requests. Step 1: Understanding OAuth Flow OAuth 2.0 typically follows these steps: The client requests authorization from the OAuth provider. The user grants permission. The client receives an authorization code. The client exchanges the code for an access token. The client uses the token to access protected resources. Depending on your use case, you may be implementing: Authorization Code Flow (for web applications) Client Credentials Flow (for machine-to-machine communication) Step 2: Install Required Packages For handling HTTP requests, install Microsoft.AspNet.WebApi.Client via NuGet: powershell Copy Edit Install-Package Microsoft.AspNet.W...
Post a Comment
Read more

Changing the Default SSH Port on Windows Server 2019: A Step-by-Step Guide

Changing the Default SSH Port on Windows Server 2019: A Step-by-Step Guide By default, SSH uses port 22 for all connections. However, for enhanced security or due to policy requirements, it may be necessary to change this default port. In this guide, we'll walk you through how to change the SSH port on Windows Server 2019 . Changing the default port not only reduces the chances of brute-force attacks but also minimizes exposure to potential vulnerabilities. Let's get started! Why Change the Default SSH Port? Changing the default SSH port can offer several advantages: Security : Automated scripts often target the default SSH port (22). Changing it can prevent many basic attacks. Compliance : Certain compliance regulations or internal policies may require the use of non-standard ports. Segregation : If multiple services are running on the same server, different ports can be used for easier management and separation. Prerequisites Before proceeding, ensure that you: Have administ...
Post a Comment
Read more

Understanding SSL Certificate Extensions: PEM vs. CER vs. CRT

Understanding SSL Certificate Extensions: PEM vs. CER vs. CRT In the realm of SSL certificates, file extensions like PEM, CER, and CRT play crucial roles in how cryptographic information is stored and shared. While often used interchangeably, each extension carries its own conventions and encoding formats. In this blog post, we'll unravel the differences between PEM, CER, and CRT to shed light on their individual purposes. PEM (Privacy Enhanced Mail) Format: PEM is a versatile format widely employed for storing cryptographic objects. It utilizes base64-encoded ASCII, often adorned with headers like "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----." Extension: Files with the PEM extension are multipurpose, housing certificates, private keys, and other encoded data. Use Case: PEM's flexibility makes it suitable for a variety of cryptographic data, from certificates to private keys and certificate signing requests (CSRs). CER (Certificate) Format...
Post a Comment
Read more