I have a IIS web server into a DMZ.

If i use static NAT onto the public NIC to join the server in the DMZ,
hackers can join the web server and change the default page.

Now if I use the BM acceleration proxy, is it possible for the hacker
to do
this ?

What is the best way to protect a web site with BM ?

Thanks in advance for your help.