httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Intranet pages
Date Mon, 19 Aug 2002 18:11:03 GMT

>     Does someone have any experiences with using apache for both intranet
> and internet pages. I want to tell apache which directories can be only
> accessed from intranet, so people that watching my pages from outside don't
> have access to this pages.

Check the access section of the documentation;

	http://httpd.apache.org/docs/howto/auth.html#access

and do something like

	allow from 123.45.13/24

(Assuming that your IP address inside the compnay is 123.45.13.* and you
are internally using a netmask of 255.255.255.0).

All the details are on

	http://httpd.apache.org/docs/mod/mod_access.html

You propably want to use the IP 'allow' rather than by symbolic names
(i.e. allow from mydomain.com) as the first is inherently easier to
secure. Of course, if you are truly paranoid then such simple measures are
propably not enough; and you should look into SSL client certificates or
hardware token systems such as SecurID or ibutton.coms.

Dw


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message