On 9/14/05, Scott Gifford [EMAIL PROTECTED] wrote:
AragonX [EMAIL PROTECTED] writes:
[...]
I know that mod_access and I think mod_security will allow me to do this
but they do it based on IP address. I'm afraid someone will spoof the IP
addresses of the internal network to bypass this
quote who=Scott Gifford
AragonX [EMAIL PROTECTED] writes:
[...]
I know that mod_access and I think mod_security will allow me to do this
but they do it based on IP address. I'm afraid someone will spoof the
IP
addresses of the internal network to bypass this security measure.
The
This may be a stupid answer, but isn't it easily possible to set up the
interfaces (or firewall, or both) so they reject source IP addresses in the
wrong I/F? Or am I missing the point?
David
| On 9/13/05, AragonX [EMAIL PROTECTED] wrote:
| Hello all,
|
| I am trying to secure my web server.
Hello,
Administrator wrote:
This may be a stupid answer, but isn't it easily possible to set up the
interfaces (or firewall, or both) so they reject source IP addresses in the
wrong I/F? Or am I missing the point?
Just drop packets coming in the external interface that claim to have an
IP
AragonX wrote:
I'm afraid someone will spoof the IP addresses of the internal network
to bypass this security measure.
I don't see how that's possible. Given the following:
M - malicious hacker at address M
W - webserver
I - internal network
AragonX [EMAIL PROTECTED] writes:
[...]
I know that mod_access and I think mod_security will allow me to do this
but they do it based on IP address. I'm afraid someone will spoof the IP
addresses of the internal network to bypass this security measure.
The easiest way to do this is with a