Re: hosting a secure website accessible from only a few IP addresses and users

From: sponge (yosponge_at_yahoo.com)
Date: 06/24/03 

Date: 23 Jun 2003 15:48:22 -0700

On 22 Jun 2003 15:37:24 -0700, cal_2pac@yahoo.com (2pac) wrote:

>Hi
>I need to create a website for my family (spread across different
>countries) to share their calendar and personal journal. Since some
>info may be confidential, I was wondering if I can establish a secure
>website that is accessible by only a few IP addresses and user.
>To date I do not know of any webserver that can restrict access from
>some IP addresses (haven't checked in IIS - but I am scared of using
>it anyway).
>
>one way would be to host the web site using apache with a software
>daemon listening on port 80. This daemon will accept only connections
>from certain preconfigured IP addresses and will then forward the
>data to apache.
>The web server will then do its own user level authentication.
>Is this technique secure?
>
>Are there any websites that will host my website and will also let me
>configure IP address and user level auth for free?
>Thanks for any suggestions

If you're talking about running your own server you can simply
firewall the thing with something like Kerio and configure it to
permit only the IP addresses you want and block all else. Of course,
that presumes that all your family is on static IPs; if not, you'll
have to allow the entire network of those who are not static, but it
will cut down on the possibilities. Take things a step further and
require access on a non-standard port. I don't know of any specific
hosting service that will do this for you as it would require a
dedicated server, but you could look into some collocated hosts.

Why not just require a secure login? Many sites do that, and
presumably your family has browsers capable of SSL.

Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge

Relevant Pages

  • RE: Finding Virtual ips
    ... What techniques do you recommend to find virtual IPs on a specific host ... If you are getting ISA server errors then you are probably wanting to ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • Re: Using SBS2003 to host website
    ... Do not host your website on your SBS Server... ... That said, I know what I'm doing, but for bandwidth reasons I only host internally sites that don't receive much traffic. ... I also don't host on SBS, I use a separate server - primarily because of your next point ... ...
    (microsoft.public.windows.server.sbs)
  • Re: Creating a partition in unpartioned space
    ... Hosting your own website is like leaving the doors and windows on your house unlocked and putting up a huge sign that says, "Hey I have great stuff at my house and the doors are unlocked...COME and GET it" ... You can expect folks to drop payloads, music shares, etc on your server so you get screwed for peer-2-peer sharing, and the list goes on ... None of my customers and very few if any of the other MVPS have customer's who host their own site. ... Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2 ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS web config
    ... Migrate the original www.thatname.com to your SBS Server. ... Now, ask your ISP to point www.thatname.com to your SBS Public IP adress, ... I do agree with you and others that say that you shouldnt host your ... On the website above, use a link, pointing to www.myweb.com, located ...
    (microsoft.public.windows.server.sbs)
  • Re: iptables and port scan
    ... >> offered to the internet by a given host. ... >On this website, you'll find links. ... >mentionned, if I offer FTP, it will be mentionned, and so on. ... http://www.mixmaster.anonymizer.com/ first and search for a permit? ...
    (comp.security.firewalls)