Hello all,

I am trying to secure my web server. It serves internal users (employees) and external users (customers). There are some web applications that I would like to have available to internal users but require external users to have a password to access the directory (the applications have their own security, but I don't want any of the scripts or files visible to the internet at all. They are all under the /internal directory). Can this be done?

The server has two NICs, one serving the internal network and one serving the external. Is there a module that will allow different security levels based on this information? I know that mod_access and I think mod_security will allow me to do this, but they do it based on IP address. I'm afraid someone will spoof the IP addresses of the internal network to bypass this security measure.

What I'm trying to avoid is having the employees log in twice to access the web apps. They would be most unhappy.

Any and all help would be appreciated.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info.