Re: [users@httpd] Different security based on network interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/13/05, AragonX <aragonx@xxxxxxxxxx> wrote:
> Hello all,
> 
> I am trying to secure my web server.  It serves internal users (employees)
> and external users (customers).  There are some web applications that I
> would like to have available to internal users but require external users
> to have a password to access the directory (the applications have their
> own security but I don't want any of the scripts or files visible to the
> internet at all.  They are all under the /internal directory).  Can this
> be done?
> 
> The server has two NICS, one serving the internal network and one serving
> the external.  Is there a module that will allow different security levels
> based in this information?
> 
> I know that mod_access and I think mod_security will allow me to do this
> but they do it based on IP address.  I'm afraid someone will spoof the IP
> addresses of the internal network to bypass this security measure.
> 
> What I'm trying to avoid is having the employees log in twice to access
> the web apps.  They would be most unhappy.

What you could  do ishave  two virtual hosts, one atached to the IP
address of the external interface and another attached to the IP
address of the internal interface. Put the common config outside of
the <VirthualHost> containers, and the security config inside them.

Krist


-- 
krist.vanbesien@xxxxxxxxx
Solothurn, Switzerland

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux