1. Put both the Web server and SQL Server behind a firewall that only allows port 80.
2. Put the Web server behind a firewall that only allows port 80. Have SQL Server behind another firewall. You can either use a non-TCP protocol or not use the default port 1433 and enable protocol encryption.
If you do not have SQL Server Books Online (BOL) installed - please do so. The majority of questions asked in the SQL Server forum could be eliminated if people had access to BOL.
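Option 2 above, written out as two first-match, default-deny rule sets and checked flow by flow. This is an added example, not part of the original post. The addresses, the port 14330 and the names OUTER_FW, INNER_FW, decide, reachable and audit are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None matches any destination port

def decide(rules, src, dst, proto, port):
    """First matching rule wins; no match means deny (default-deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return "deny"

# Constructed addresses (documentation/private ranges) and a constructed
# non-default SQL Server port; none of these values come from the post.
WEB, SQL, SQL_PORT = "192.0.2.10", "10.0.0.20", 14330
ANY = "0.0.0.0/0"

OUTER_FW = [Rule("allow", ANY, WEB + "/32", "tcp", 80)]               # Internet -> Web, port 80 only
INNER_FW = [Rule("allow", WEB + "/32", SQL + "/32", "tcp", SQL_PORT)]  # Web -> SQL, one port only

def reachable(src, dst, proto, port):
    """A flow is permitted only if every firewall on its path allows it."""
    path = []
    if src != WEB:
        path.append(OUTER_FW)   # anything not starting at the Web server enters from outside
    if dst == SQL:
        path.append(INNER_FW)   # the SQL Server host sits behind the second firewall
    return all(decide(fw, src, dst, proto, port) == "allow" for fw in path)

def audit():
    client = "198.51.100.7"     # constructed Internet client
    return {
        "internet->web:80":   reachable(client, WEB, "tcp", 80),
        "internet->web:443":  reachable(client, WEB, "tcp", 443),
        "internet->sql:port": reachable(client, SQL, "tcp", SQL_PORT),
        "web->sql:port":      reachable(WEB, SQL, "tcp", SQL_PORT),
        "web->sql:1433":      reachable(WEB, SQL, "tcp", 1433),
    }

if __name__ == "__main__":
    for flow, ok in audit().items():
        print(f"{flow:20} {'ALLOW' if ok else 'DENY'}")
```

Protocol encryption is configured on SQL Server itself and is not modelled by these rule sets.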