httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Administrator" <ad...@different-perspectives.com>
Subject RE: [users@httpd] Different security based on network interface
Date Tue, 13 Sep 2005 10:00:44 GMT
This may be a stupid answer, but isn't it easily possible to set up the
interfaces (or firewall, or both) so they reject source IP addresses in the
wrong I/F?  Or am I missing the point?

David

| On 9/13/05, AragonX <aragonx@dcsnow.com> wrote:
| > Hello all,
| >
| > I am trying to secure my web server.  It serves internal users
| > (employees) and external users (customers).  There are some web
| > applications that I would like to have available to
| internal users but
| > require external users to have a password to access the
| directory (the
| > applications have their own security but I don't want any of the
| > scripts or files visible to the internet at all.  They are
| all under
| > the /internal directory).  Can this be done?
| >
| > The server has two NICS, one serving the internal network and one
| > serving the external.  Is there a module that will allow different
| > security levels based in this information?
| >
| > I know that mod_access and I think mod_security will allow me to do
| > this but they do it based on IP address.  I'm afraid someone will
| > spoof the IP addresses of the internal network to bypass
| this security measure.
| >
| > What I'm trying to avoid is having the employees log in twice to
| > access the web apps.  They would be most unhappy.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message