Web and app
Figure 2.2 The Internet can have many layers between clients and their ultimate destination.
The enterprise layers are typically broken into two zones, separated by firewalls, called the DMZ.
The web server, and sometimes the web application server, resides in the DMZ.
Enterprise layers add security and overhead
Most enterprises use firewalls and proxies to shield them from basic security
problems. A firewall is simply a machine placed between the Internet and the
HTTP servers of a corporation so that hackers cannot attack directly. Most
modern architectures call for two firewalls, placed on either side of the web
servers, to create an area called the DMZ ( demilitarized zone ). The DMZ
defines an area between the internal intranet and the external Internet. The
Internet includes both benevolent customers and malevolent hackers. The
DMZ provides a necessary compromise: access is open enough for meaningful
communication and security is tight enough to protect assets. Each firewall
enables different protocols, so hackers must coordinate two different types of
attacks to reach the systems on the private intranet. The systems in the DMZ
are more vulnerable to attack but are perfectly situated to provide access to
corporate resources from the public Internet so that effective commerce can