Re: hosting a secure website accessible from only a few IP addresses and users
From: 2pac (cal_2pac_at_yahoo.com)
Date: 06/24/03
- Next message: megan: "FIPS 140-1"
- Previous message: Cap: "Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND"
- In reply to: sponge: "Re: hosting a secure website accessible from only a few IP addresses and users"
- Next in thread: Walter Roberson: "Re: hosting a secure website accessible from only a few IP addresses and users"
- Reply: Walter Roberson: "Re: hosting a secure website accessible from only a few IP addresses and users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Jun 2003 19:09:48 -0700
yosponge@yahoo.com (sponge) wrote in message news:<8d76ec03.0306231448.4a8f3d85@posting.google.com>...
> On 22 Jun 2003 15:37:24 -0700, cal_2pac@yahoo.com (2pac) wrote:
>
> >Hi
> >I need to create a website for my family (spread across different
> >countries) to share their calendar and personal journal. Since some
> >info may be confidential, I was wondering if I can establish a secure
> >website that is accessible by only a few IP addresses and user.
> >To date I do not know of any webserver that can restrict access from
> >some IP addresses (haven't checked in IIS - but I am scared of using
> >it anyway).
> >
> >one way would be to host the web site using apache with a software
> >daemon listening on port 80. This daemon will accept only connections
> >from certain preconfigured IP addresses and will then forward the
> >data to apache.
> >The web server will then do its own user level authentication.
> >Is this technique secure?
> >
> >Are there any websites that will host my website and will also let me
> >configure IP address and user level auth for free?
> >Thanks for any suggestions
>
> If you're talking about running your own server you can simply
> firewall the thing with something like Kerio and configure it to
> permit only the IP addresses you want and block all else. Of course,
> that presumes that all your family is on static IPs; if not, you'll
> have to allow the entire network of those who are not static, but it
> will cut down on the possibilities. Take things a step further and
> require access on a non-standard port. I don't know of any specific
> hosting service that will do this for you as it would require a
> dedicated server, but you could look into some collocated hosts.
>
> Why not just require a secure login? Many sites do that, and
> presumably your family has browsers capable of SSL.
>
> Sponge
> Sponge's Anti-Spyware Source
> www.geocities.com/yosponge
Thanks for the suggestions
a) family has got static IPs
b) authenticated user logins (OR logins over SSL) may be useful - but
am wondering how good against hacker brute force or dictionary
attacks.
If popular websites can get hacked - the moment I let someone know
that there is a port open (and the identity of the web server
software) - I may be susceptible to attack
to begin with is tripod a good place to host - not sure if I can do an
authentication in it.
- Next message: megan: "FIPS 140-1"
- Previous message: Cap: "Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND"
- In reply to: sponge: "Re: hosting a secure website accessible from only a few IP addresses and users"
- Next in thread: Walter Roberson: "Re: hosting a secure website accessible from only a few IP addresses and users"
- Reply: Walter Roberson: "Re: hosting a secure website accessible from only a few IP addresses and users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
