web interface security

Karl Auer kauer at biplane.com.au
Wed Dec 28 14:56:08 UTC 2016


On Wed, 2016-12-28 at 08:54 -0500, Scott Blair wrote:
> On 12/28/2016 07:41 AM, Rashkae wrote:
> > On 16-12-28 03:58 AM, thufir wrote:
> > > Using fail2ban or other firewalls, I suppose a web server can
> > > blacklist certain IPs?
> > > 
> Yes you can blacklist IPs and you can white-list IPs

I'm starting to get an uneasy feeling that we are offering answers
without knowing what Thufir's actual problem is. It's beginning to
sound as if he/she is setting up a "private webserver" to provide data
to a small set of users, and is trying to restrict access to it.

If that IS the intention, then trying to secure the web server at the
HTTP/HTTPS level or in firewalls is a bad idea. That's not what web
servers and firewalls are designed to do, and you will never get the
granularity you need.

Someone has already mentioned a VPN, and that would be a much better
idea.

Alternatively, if you have few users and they all have ssh accounts
inside your network, they could do this:

ssh -N -f -L PPP:WWW:QQQ YYY@ZZZ

... then, in their browser, go to http://localhost:PPP

Where:
   PPP is any available local port > 1024
   WWW is the name or IP of the webserver
   QQQ is the actual port on the webserver
   YYY is their account name for ssh
   ZZZ is the ssh server's name or IP

Regards, K.

PS: This does it better, watch for email line wrap:

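#!/bin/sh

# Use this shell's PID to give the socket, log and kill script unique names
MYPID=$$

# Start a master connection in the background with a control socket
ssh -M -S ~/$MYPID-sshsock -o ControlPersist=yes -N -f YYY@ZZZ > /tmp/ssh-$MYPID.txt 2>&1
# Request the port forward through the control socket
ssh -S ~/$MYPID-sshsock -N -f -L PPP:WWW:QQQ YYY@ZZZ >> /tmp/ssh-$MYPID.txt 2>&1

# Write a helper script that closes the master connection through the
# socket ("xyz" is a dummy destination; the socket selects the connection)
(
cat << _EOF_
#!/bin/sh
ssh -S ~/$MYPID-sshsock -O exit xyz > /dev/null 2>&1
_EOF_
) > /tmp/killtunnel$MYPID.sh
chmod u+x /tmp/killtunnel$MYPID.sh
echo "Tunnel up. Logged in /tmp/ssh-$MYPID.txt. Kill with /tmp/killtunnel$MYPID.sh"
# Open the forwarded port in a browser
firefox http://localhost:PPP &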

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
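
The same tunnel with two hardening changes, as an added example that is not part of Karl's message: the listener is bound to loopback explicitly, and the control socket and log live in a private mktemp directory instead of under predictable names. The function names are hypothetical; PPP, WWW, QQQ and YYY@ZZZ are the placeholders from the message.

```shell
#!/bin/sh
# Added example, not the script from the message. Placeholders as in the
# message: PPP local port, WWW web server, QQQ its port, YYY@ZZZ ssh login.

# valid_port N MIN: succeed if N is a decimal integer in MIN..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# forward_spec PPP WWW QQQ: print a -L argument whose listener is bound to
# loopback only, or fail on a bad port or host (hostname/IPv4 only here)
forward_spec() {
    valid_port "$1" 1025 || return 1    # "> 1024", as in the message
    valid_port "$3" 1 || return 1
    case "$2" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# private_dir: new directory with an unpredictable name; mktemp -d creates
# it with mode 0700, so other local users cannot reach the socket or log
private_dir() {
    mktemp -d "${TMPDIR:-/tmp}/sshtunnel.XXXXXX"
}

# open_tunnel PPP WWW QQQ YYY@ZZZ
open_tunnel() {
    spec=$(forward_spec "$1" "$2" "$3") || { echo "bad port or host" >&2; return 2; }
    case "$4" in ''|-*) echo "bad ssh login" >&2; return 2 ;; esac
    dir=$(private_dir) || return 1
    # ExitOnForwardFailure makes ssh fail if the local port cannot be bound
    if ! ssh -M -S "$dir/ctl" -o ControlPersist=yes -o ExitOnForwardFailure=yes \
            -N -f -L "$spec" "$4" > "$dir/ssh.log" 2>&1; then
        echo "ssh failed, see $dir/ssh.log" >&2
        return 1
    fi
    echo "Tunnel up at http://127.0.0.1:$1 (log: $dir/ssh.log)"
    echo "Close it with: ssh -S $dir/ctl -O exit $4"
}

# Open a tunnel only when called with the four arguments
if [ "$#" -eq 4 ]; then
    open_tunnel "$@"
fi
```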






