The present invention provides authorized users access to sensitive information on internal servers inside a firewall while protecting the information from others. A strong client authentication mechanism is layered on top of a secure communication protocol to allow legitimate users access to an internal server from outside the firewall. A proxy is provided with an external component outside the firewall and an internal component inside the firewall, with a control communication channel established between the two. The external component forwards messages through the firewall to the internal component which handles user authentication and acts as a proxy between the user and the internal servers. Where the returned resource contains document hyperlinks, the links are translated into references to the proxy, permitting the user a seamless experience that is almost exactly the same whether the user is inside or outside the firewall.