Re: [users@httpd] how 2 restrict access to a server to ONLY from/thru another redirected server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/5/05, OpenMacNews <OpenMacNews@xxxxxxxxxxxxx> wrote:
> hi all,
> 
> i've two boxes:
> 
>        www.boxA.com
>        www.boxB.com
> 
> they are on different 'real' IPs on different subnets.
> 
> boxA has an Apache server, listening on port 80 as www.boxA.com, that i neither
> control nor can configure ...
> 
> boxB runs an Apache server, listening on port XXXX as www2.boxB.com:xxxx, that
> i fully control.
> 
> 
> i've set up a PAGE REDIRECT at www.boxA.com/index.html that points to
> http://www.boxB.com:xxxx/index.html.
> 
> i'd like to RESTRICT ACCESS to boxB to ONLY those visitors that come from/thru
> the www.boxA.com redirction ... i.e., direct connects to
> <http://www.boxB.com:xxxx/index.html> would be rejected.
> 
> also, i'd like to 'hide' the www.boxB.com:xxxx url/port from the average user
> ... displaying only the www.boxA.com 'identity'.
> 
> is this (1) possible, and (2) something that i should best control/restrict in
> Apache's config or .htaccess, or in html/php/etc/page source?

This can't be done without control of boxA's config.  If you had
control of boxA, you'd simply set up a reverse proxy (see
http://www.apacheweek.com/features/reverseproxies ).

Barring that, you are out of luck.  Each connection looks completely
independent, regardless of where someone was linked from.  The only
indication is the Referer HTTP request header, but this is trivially
forged and therefore can't be used for any real security.  And there
is no way to lie about the origin of a page by hiding the URL unless
you control the site that would be used in the URL-bar.  Otherwise,
the web would be completely insecure because anyone could claim to be
www.whitehouse.gov.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux