This may be a stupid answer, but isn't it easily possible to set up the interfaces (or firewall, or both) so they reject source IP addresses in the wrong I/F? Or am I missing the point?

David

| On 9/13/05, AragonX <aragonx@xxxxxxxxxx> wrote:
| > Hello all,
| >
| > I am trying to secure my web server. It serves internal users
| > (employees) and external users (customers). There are some web
| > applications that I would like to have available to internal users but
| > require external users to have a password to access the directory (the
| > applications have their own security but I don't want any of the
| > scripts or files visible to the internet at all. They are all under
| > the /internal directory). Can this be done?
| >
| > The server has two NICs, one serving the internal network and one
| > serving the external. Is there a module that will allow different
| > security levels based on this information?
| >
| > I know that mod_access and I think mod_security will allow me to do
| > this but they do it based on IP address. I'm afraid someone will
| > spoof the IP addresses of the internal network to bypass this security measure.
| >
| > What I'm trying to avoid is having the employees log in twice to
| > access the web apps. They would be most unhappy.
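The interface-level check suggested in the reply at the top of this message can be written as a small rule generator. This is an added example, not code from the thread or from the Apache project; the interface name `eth1` (external NIC), the subnet `192.168.1.0/24` (internal network) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth1 is the NIC facing
# the internet, 192.168.1.0/24 is the network behind the internal NIC.

# Succeeds only for text shaped like an IPv4 CIDR (a.b.c.d/len, len 0-32).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print iptables-restore input that logs and drops any packet arriving on
# the external interface ($1) with a source address inside an internal
# network ($2...). Such a packet cannot be genuine: real internal hosts
# only ever reach the server through the internal NIC.
antispoof_rules() {
    ext_if=$1; shift
    # Validate everything first so a bad argument emits no partial ruleset.
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    echo '*filter'
    for net in "$@"; do
        # -I inserts at the top of the chain, so the LOG rule (inserted
        # second) ends up in front of the DROP rule.
        echo "-I INPUT -i $ext_if -s $net -j DROP"
        echo "-I INPUT -i $ext_if -s $net -j LOG --log-prefix \"SPOOF-$ext_if: \""
    done
    echo 'COMMIT'
}

# Apply only when asked (needs root); otherwise this file just defines
# the functions above.
if [ "${APPLY:-0}" = 1 ]; then
    antispoof_rules "${EXT_IF:-eth1}" "${INT_NET:-192.168.1.0/24}" |
        iptables-restore --noflush
    # Kernel-side counterpart: strict reverse-path filtering.
    sysctl -w net.ipv4.conf.all.rp_filter=1
fi
```

With these rules in place, an `Allow from` line for the internal subnet on `/internal` is only ever matched by connections that came in through the internal NIC, and the `SPOOF-` log prefix gives a line to alert on.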