Web Server behind Firewall
This message was a response to one of our technicians who was fielding a question from a customer. The customer wanted to know if his web site (hosted at our facility) was behind a firewall.
No, it's not, and that should generally not cause him any concern. Even in an environment with a firewall, public web servers (and other servers which provide services to outside Internet users) are normally left outside the firewall. Unless there is private data on it (such as customer credit card numbers), the only risk to exposing it that way is defacement, where someone alters your web page. This is easily dealt with, much as you would handle a disk failure.

The alternative is as you described, putting it behind a firewall and passing HTTP traffic through it. This is actually riskier. If an attacker can compromise your web server, he or she then has control of a machine inside your firewall. The ability of the firewall to block an HTTP attack passing through it is somewhat limited, and varies with the type of firewall and the type of attack.

It might be worth noting that there are packet filters in place on the router that protect the web server. Only HTTP and FTP traffic is allowed through to the web server.
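
A minimal model of the router packet filter described above, as an added example that is not part of the original message. The address, rule list and all names are constructed assumptions; the model shows that such a filter decides on protocol, destination and port only, so any request to port 80 passes regardless of its content.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address from the RFC 5737 documentation range (an assumption).
WEB_SERVER = ip_network("192.0.2.10/32")
ANYWHERE = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    dst: object    # destination network
    dport: object  # port number, or None to match any port

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int
    payload: bytes = b""  # carried along but never examined by the filter

# Hypothetical rule list: first match wins, last rule is the default deny.
ACL = [
    Rule("permit", "tcp", WEB_SERVER, 80),  # HTTP
    Rule("permit", "tcp", WEB_SERVER, 21),  # FTP control (data channel not modelled)
    Rule("deny", "any", ANYWHERE, None),
]

def evaluate(pkt, acl=ACL):
    """Return the action of the first rule matching protocol, destination and port."""
    for rule in acl:
        if (rule.proto in ("any", pkt.proto)
                and ip_address(pkt.dst) in rule.dst
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return "deny"  # nothing matched: fail closed

def demo():
    # Constructed sample traffic; returns the filter's verdict for each packet.
    samples = {
        "http_normal": Packet("tcp", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
        "http_oversized": Packet("tcp", "192.0.2.10", 80, b"GET /" + b"A" * 8000),
        "ftp_control": Packet("tcp", "192.0.2.10", 21),
        "ssh": Packet("tcp", "192.0.2.10", 22),
        "other_host_http": Packet("tcp", "192.0.2.11", 80),
    }
    return {name: evaluate(pkt) for name, pkt in samples.items()}
```

Both HTTP samples receive the same verdict because the payload never enters the decision, which is why the web server itself still has to be kept patched and monitored.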