0
The Scenario
A web application running in a local Intranet on Linux based server. The web application should not be accessible from the Internet. This web application will use Telegram API to send notifications. All the implementations will use PHP/Apache. The Telegram API has a fixed IP address, 149.154.167.119.
Currently, at the development machine, everything, is working fine, but my development machine is Internet accessible.
The question
Does it possible and secure to, only, allow connection between the application and the Telegram while keeping the rest of the application and the web server isolated from the Internet.
What I have tried
I have tried to search for any resources, that describe to do that using the OS Firewall, but I have not gotten any clear way or approve about possibility to do it, since as I think, Telegram uses ports such as 25, 80, 8888, 443, i.e there are someports, 80, 443, the same as web server use.
SaidbakR
Posted 2018-06-18T22:15:28.830
Reputation: 258
The scenario you describe does not require the server to be accessible from the internet. Everything you describe is an outbound connection on 443. – Paul – 2018-06-18T23:19:15.220
@Paul, How does it outbound only? so how could the application receive the Telegram response? – SaidbakR – 2018-06-18T23:22:52.367
1When we talk about "accessible" or "inbound" or "outbound", we are talking about where a connection is initiated from. A response is always implied. So for your server to contact the Telegram API it makes an outbound connection, and receives a response. This is not the same as being internet accessible, as this means that the connection could be initiated from the internet to the server. You would have a firewall that prevents incoming connections. – Paul – 2018-06-18T23:25:55.963
@Paul, So, what can I do, is to allow outbound connection from the firewall of the server's machine and then everything will works fine, i.e the web server will be accessible from the LAN or the Intranet and at the same time it will able to contact to the Telegram API without the ability to access it from the Internet. Does not it? – SaidbakR – 2018-06-18T23:32:30.957