0

We have developed a web application in ASP.net MVC for our client, which is host on their localhost, lets say, 18.18.18.100/portal. It is a private IP address.

But my client wants to make this application accessing on internet.They want access it from different computers just like how we access any other website, just by entering 18.18.18.100/portal in the browser.

We are new to this, how can we do this?

P.S we cannot host this application on Microsoft Azure, cause the company does not wish to share their data. They want to keep data and database on their server but want access it from any remote location.

If you need more details, please let me know. Ill edit the post.

Doosu
  • 11
  • 1

2 Answers2

3

A common way to make an internal application available on the internet is to install a reverse proxy such as Nginx into a suitable DMZ.

A DMZ is basically a part of the network used as a buffer between the secure internal network and the insecure public internet. You have security at the points between Internet/DMZ and DMZ/internal network, including firewalls and perhaps other technologies such as IPS and IDS.

A reverse proxy is basically a go-between, that accepts requests for another server and passes them along.

Given the level of understanding displayed by your question I strongly urge you to find a qualified firm or consultant to do this for you. Done incorrectly it can significantly increase security risks.

Tim
  • 31,888
  • 7
  • 52
  • 78
0

Just to expand on what Tim said, what you are looking at is hosting a web application server. Generally, you will need the following:

  1. Web Application Server
  2. Router/Firewall/IPS
  3. At least 1 public IP address

What you would do is either directly assign the public IP address to the Web Application Server (if you have more than 1 public IP address) or if you do not have any available (not currently used) public IP addresses then you create a Network Address Translation (NAT) rule on your firewall to redirect traffic sent to your firewall to your Web Application Server. For an example let's say your have a Web Application Firewall assigned a private IP address of 192.168.0.80. Your firewall has a public IP address of 1.2.3.4. The Web Application Firewall is running a web server on TCP port 80.

So you would make a NAT rule on the firewall that says inbound traffic on the external interface going to 1.2.3.4:80 is going to be translated on the internal interface to 192.168.1.80:80.

That is it as far as how it works. Before you go and do that though you need to make sure you have appropriate security in place. This includes (but certainly is not limited to) placing the Web Application Server in a Demilitarized Zone (DMZ), creating Access Control Lists (ACLs) that restrict only traffic to and from the Web Application Server to traffic that you should be permitted, an Intrusion Prevention System (IPS) to block bad traffic going to your Web Application Server, other typical security measures (e.g. patch management, anti-virus, anti-malware, OS hardening, etc.), and any special security requirements for your environment.

The task you are asking about is typical but not simple. You need to make sure you know how to securely do what your client is asking you before you do it so you don't expose their data to people that aren't supposed to access it.

user5870571
  • 3,094
  • 2
  • 12
  • 35