<quote who="Scott Gifford"> > "AragonX" <aragonx@xxxxxxxxxx> writes: > > [...] > >> I know that mod_access and I think mod_security will allow me to do this >> but they do it based on IP address. I'm afraid someone will spoof the >> IP >> addresses of the internal network to bypass this security measure. > > The easiest way to do this is with a firewall. Set up a firewall on > your external interface that blocks all packets claiming to be from > your internal interface. Your OS should have a tool to do this > (iptables on modern Linux). It's also smart to do this at your > perimeter router; since lots of random things use IP addresses as > access control it's wise to stop anything fishy before it gets into > your building. This is being done. I didn't even think about what the firewall was blocking. The problem still persists though. I don't want customers to even see the directories that contain my apps. By hiding these directories from external access, I'll get some peace of mind also. I worry about insecure apps that may give an attacker unwanted privileges and/or information. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|