httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lopez <dan...@rawbyte.com>
Subject Re: security/redirection
Date Mon, 21 Jan 2002 17:30:52 GMT

Aaron,

You can rely on the REferer: header, but that is not secure as the client is
the one that provides it. You can try setting up a reverse proxy, forcing
all requests to pass thru site1.medcentral.org before reaching 9.9.9.9
Check http://www.webtechniques.com/archives/1998/05/engelschall/ for a
general introduction to reverse proxies
Check the mod_rewrite documentation for some examples on how to do that for
what you suggest.

Daniel



On Mon, Jan 21, 2002 at 08:25:02AM -0500, Markley, Aaron wrote:
> Hello all,
> 
> I have a working authorization scheme for my website, let's call it
> http://site1.medcentral.org:11111, which first asks for username and
> password (using the various "Auth" directives in the virtual host
> definition), and then if valid will redirect to the site on our local
> intranet that I want secured, http://999.9.9.999.  This whole scheme works
> until someone types in the IP address directly; then there isn't any
> authentication at all.  Is there a way to completely block access to
> 999.9.9.999 except from the redirection site?
> 
> Thanks,
> Aaron

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message