Re: Standalone WebServer for PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 1:18 PM -0400 9/12/10, Andy McKenzie wrote:

 >

 A question, to clarify my fuzzy thinking about such things:

 Can a business have a server connected to the Internet but limit access to
 just their employees? I don't mean a password protected scheme, but rather
 the server being totally closed to the outside world other than to their
 internal employees? Or is this something that can only be provided by a LAN
 with no Internet connection?

 Cheers,

 tedd


Hey, one I can answer!

The short answer is "Yes".  It can be done in a firewall:  for
instance, take the following network setups.

1) Internal machines on a single range (10.10.0.1-10.10.0-254),
gateway machine at 10.10.0.1, web server at 10.10.0.2.
  In this situation, the gateway passes traffic web traffic from
outside to 10.10.0.2/80 (destination NATing, in linux's iptables), and
traffic from inside to 10.10.0.2/8880.  There's no reasonable way for
outside traffic to reach the web server, but the web server can still
reach the outside world.  If you don't want to have ANYONE outside the
private network reach the web server, you can eliminate the dnat rule
so port 80 traffic isn't forwarded.  If the employees need access from
outside, a VPN would work best, as Ash suggested, but there are other
options.  The catch is that you need to either use virtual hosts,
which brings one set of problems, or two pieces of web-server software
(two instances of apache, for instance), which brings a different set
of problems.

2) All systems on publicly reachable addresses
(230.54.8.0-230.54.8.254, to pick at random).  The web server is at
230.54.8.2, there is no gateway.  The firewall here needs to be on the
web server, since there is no gateway, and it only allows port 8880
traffic in if it's from the range 230.54.8.0/24.  Again, if no
external access is necessary, it can be simplified somewhat.

In either instance, employees with permanent IP addresses at home can
be allowed in via the firewall.

-Alex

3)


-Alex:

Many thanks -- now I need to figure what you said and how to implement it.  :-)
Does this mean that my client will need a physically local server with fire-wall software protection or can this be done in conventional remote hosting environment with htaccess (or whatever) directives? 

I really need to understand the basics.

Thanks for your help.

Cheers,

tedd

--
-------
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux