Topic: HTDOCS and Security |
|
Author |
|
timboellis2031
Joined: 21 Mar 2007 Posts: 2
|
Posted: Wed 21 Mar '07 12:43 Post subject: HTDOCS and Security |
|
|
Can someone suggest better security for me?
I currently have Apache running on a local server; however, I have various users connecting to this internally and externally through the IP address that is forwarded through the router on port 80.
At the moment it is secured by IP address: I have denied all and allowed the IP addresses. However, several of my users who work from home and need access to this have dynamic addresses.
So any suggestions on how to do this, I am not keen on doing passwords for security reasons? |
|
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Mon 26 Mar '07 13:35 Post subject: |
|
|
One possibility is that the others get a dynamic DNS name like user1.dyndns.org, user2.dyndns.org or some other dynDNS supporter. So you could allow by the DNS name.
The second thing I can think of is that many providers have a pool of IP addresses given to the users. So you could perhaps allow IPs beginning with that pool
e.g.
Code: |
Deny from all
Allow from 172.20 192.168
|
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
A password solution would be much easier for the users! |
|
|
timboellis2031
Joined: 21 Mar 2007 Posts: 2
|
Posted: Mon 26 Mar '07 17:01 Post subject: Security |
|
|
But how secure is the password, as there is sensitive information on this server? |
|
|
tdonovan Moderator
Joined: 17 Dec 2005 Posts: 611 Location: Milford, MA, USA
|
Posted: Tue 27 Mar '07 17:00 Post subject: |
|
|
re: "I am not keen on doing passwords for security reasons?"
I'm not sure I understand your point. Passwords are more secure than restricting IP addresses because IP addresses can be spoofed by a knowledgeable attacker.
Basic authentication is fine if you do not think anyone will intercept (i.e. wiretap) the connection between the browser and your server.
Digest authentication overcomes this "wiretapping" problem.
In both cases, the quality of the passwords (mixed-case, punctuation characters, avoid names or dictionary words) is the most important factor.
Perhaps you are worried that your users won't keep their passwords secret? Or maybe that someone can abscond with the password file from your server?
"sensitive information" can mean many things. If you really think a highly-skilled attacker would spend millions of euros/dollars and months/years of effort to crack your web site, then the encryption in Apache may not be strong enough. If your "sensitive information" is just commercial or personal data - the Apache password mechanism is certainly sufficient.
You can use both IP restrictions and passwords together, but this is seldom done.
-tom- |
|
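The combination mentioned in the last reply (IP restrictions and passwords together), as an added example in Apache 2.2 syntax that is not part of any post in this thread. The directory path, password-file path, realm name and address range are placeholder assumptions.

```apache
# Added example (Apache 2.2 directives, matching the 2.2 docs linked above).
# All paths, the realm "private" and the 192.168 range are placeholders.
<Directory "C:/Apache2/htdocs/private">
    # Host-based part (mod_authz_host): Deny is evaluated first, then Allow,
    # so every address that is not explicitly allowed stays denied.
    Order Deny,Allow
    Deny from all
    Allow from 192.168

    # Password part (mod_auth_digest): the browser sends a hash computed
    # from the password and a server nonce, not the password itself.
    AuthType Digest
    AuthName "private"
    AuthDigestProvider file
    # Keep the password file outside htdocs so it can never be served.
    # Create it with:  htdigest -c digest.users private <username>
    # The realm given to htdigest must match AuthName exactly.
    AuthUserFile "C:/Apache2/conf/digest.users"
    Require valid-user

    # Satisfy All (the default): the client must match an Allow line AND log in.
    # Satisfy Any: clients matching an Allow line get in by address alone,
    # everyone else (e.g. home users on dynamic addresses) must log in.
    Satisfy Any
</Directory>
```

With `Satisfy Any`, the address list only decides who may skip the login, so the password quality still determines how well external access is protected.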