Re: Blocking Intranet
Elric of Melnibone (elric@melnibone.org)
Thu, 15 May 1997 16:52:19 +0600
Vidiot wrote:
>
> <
> <I'm trying to block Intranet web access for anyone outside of our network. Is:
> <
> <deny 0.0.0.0/0 intranet.tradeex.com/24 tcp dst eq 80
> <permit 206.30.200.0/24 intranet.tradeex.com/24 tcp dst eq 80
> <
> <Correct? We have a Class C network 206.30.200.XXX (/24 means Class C doesn't it?? What is /32 for?)
>
> You don't say if you have a web site that is meant for access by the outside.
> If so, it is probably using the default port 80. Our web server, my working
> computer, also services two other web page sites; my internal set of test pages
> for my personal stuff that is placed elsewhere, and our intranet. These use
> ports 8000 and 9000, respectively. I keep access away from these by denying
> access to those port numbers in the IRX-111 router that we have.
>
> So, my suggestion is to have the external web site on port 80 and the intranet
> web site on port 8000 and block it that way. Yes, this means you will have
> two httpd configurations. So what. If you keep everything in the same area,
> that isn't a problem. I use three separate config directories called:
>
> /usr/http/htconf
> /usr/http/htconf8000
> /usr/http/htconf9000
>
> Very easy to maintain and block in the router.
>
> MB
> --
> System Administrator - Finnigan FT/MS - Madison WI. <URL:http://www.ftms.com/>
> e-mail: brown@ftms.com
> phone: (608) 273-8262 ext: 612 fax: (608) 273-8719
> Visit - <URL:http://www.cdsnet.net/vidiot/> (Your link to Star Trek and UPN)
What type of web server is being used? You should be able to block
access to a dir structure via a .htaccess file.
Elric
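
The two filter rules from the quoted question, evaluated in an added example (not part of the original thread and not any router's own code) to show what /24 and /32 cover and why rule order matters. It assumes the filter stops at the first matching rule; the intranet host address 206.30.200.10 and the outside address 198.51.100.7 are constructed, and the hostname destination is replaced by the site's /24.

```python
import ipaddress

# (action, source prefix, destination prefix, TCP destination port)
# Same order as in the question; destination is the site's /24 (assumption,
# since the address of intranet.tradeex.com is not given in the thread).
RULES_AS_POSTED = [
    ("deny",   "0.0.0.0/0",       "206.30.200.0/24", 80),
    ("permit", "206.30.200.0/24", "206.30.200.0/24", 80),
]
# Specific permit first, catch-all deny last.
RULES_REORDERED = [RULES_AS_POSTED[1], RULES_AS_POSTED[0]]


def evaluate(rules, src, dst, dport):
    """Return the action of the first matching rule (first-match is assumed).

    Returns None when no rule matches; what the router does then depends on
    its own default and is not modelled here.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and dport == port):
            return action
    return None


def prefix_size(cidr):
    """Number of addresses a prefix covers: /24 is 256, /32 is one host."""
    return ipaddress.ip_network(cidr).num_addresses


if __name__ == "__main__":
    inside, outside, web = "206.30.200.25", "198.51.100.7", "206.30.200.10"
    for name, rules in (("as posted", RULES_AS_POSTED),
                        ("reordered", RULES_REORDERED)):
        print(name,
              "inside:", evaluate(rules, inside, web, 80),
              "outside:", evaluate(rules, outside, web, 80))
    print("/24 covers", prefix_size("206.30.200.0/24"), "addresses;",
          "/32 covers", prefix_size("206.30.200.10/32"))
```

Under the first-match assumption, the posted order denies inside clients as well, because 0.0.0.0/0 matches every source before the permit is reached.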