> "AragonX" <[EMAIL PROTECTED]> writes:
>
> [...]
>
>> I know that mod_access and I think mod_security will allow me to do this
>> but they do it based on IP address. I'm afraid someone will spoof the
>> IP
>> addresses of the internal network to bypass this security measure.
>
> The easiest way
On 9/14/05, Scott Gifford <[EMAIL PROTECTED]> wrote:
> "AragonX" <[EMAIL PROTECTED]> writes:
>
> [...]
>
> > I know that mod_access and I think mod_security will allow me to do this
> > but they do it based on IP address. I'm afraid someone will spoof the IP
> > addresses of the internal network
"AragonX" <[EMAIL PROTECTED]> writes:
[...]
> I know that mod_access and I think mod_security will allow me to do this
> but they do it based on IP address. I'm afraid someone will spoof the IP
> addresses of the internal network to bypass this security measure.
The easiest way to do this is wi
> AragonX wrote:
>
> > I'm afraid someone will spoof the IP addresses of the internal network
> > to bypass this security measure.
I don't see how that's possible. Given the following:
M - malicious hacker at address M
W - webserver
I - internal netw
Hello,
Administrator wrote:
This may be a stupid answer, but isn't it easily possible to set up the
interfaces (or firewall, or both) so they reject source IP addresses in the
wrong I/F? Or am I missing the point?
Just drop packets coming in the external interface that claim to have an
IP of
This may be a stupid answer, but isn't it easily possible to set up the
interfaces (or firewall, or both) so they reject source IP addresses in the
wrong I/F? Or am I missing the point?
David
| On 9/13/05, AragonX <[EMAIL PROTECTED]> wrote:
| > Hello all,
| >
| > I am trying to secure my web ser
On 9/13/05, AragonX <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I am trying to secure my web server. It serves internal users (employees)
> and external users (customers). There are some web applications that I
> would like to have available to internal users but require external users
> to have
AragonX wrote:
> and external users (customers). There are some web applications that I
> would like to have available to internal users but require external users
> to have a password to access the directory
Can you distinguish internal user from external ones? If so, you can
use the 'Satisfy' d
Hello all,
I am trying to secure my web server. It serves internal users (employees)
and external users (customers). There are some web applications that I
would like to have available to internal users but require external users
to have a password to access the directory (the applications have
