IIS Security - Using a Linux Box as a Sentry?

Steven Yi asks: "This is a suggestion - why not consider IIS an 'application server', similar to they way we consider BEA WebLogic an app server? Continue using your Windows Servers to process your programming logic and ASP pages - but use a box running Apache as your true web server. This is the way many other app-server driven hardware setups are like. Internet --> (Apache Web Server) --> (IIS 'App Server'). The obvious point is that there isn't an Apache plugin to redirect Microsoft/ASP page requests, but couldn't this be written fairly quickly? I think this would be a much cheaper migration path where existing Microsoft applications/hardware can be preserved and your internet security would be greatly enhanced with a Linux/UNIX Apache server guarding the internet connection." Many saavy readers should realize that a mod_rewrite + mod_proxy combination should be all you need to implement such a feature. Has anyone deployed something similar for their production systems?

Came up not long ago.

[crisco]

There was an article titled Securing an Unpatchable Webserver that detailed an IIS 3.0 server that had a custom application that wouldn't run on newer IIS. Microsoft's solution to one of the IIS 3 vulnerabilities was upgrading to IIS 4 or greater but becuause of the custom app this wasn't a short term option. These guys set up a box with Hogwash and Snort to filter the requests to the IIS server.

Unfortunately the article seems to have disappeared but you might have better luck finding it than I did.

Re:Came up not long ago.

[thebabelfish]

Here's Google's cache of the article I think your talking about.