+ Post New Thread
Results 1 to 10 of 10
Internet Related/Filtering/Firewall Thread, How can I use our webserver to run our intranet privatley?? in Technical; Hi guys, Wondering if anyone can advise how you combat this problem: I'm running within school a webserver on apache ...
  1. #1

    Join Date
    Sep 2007
    Posts
    150
    Thank Post
    15
    Thanked 3 Times in 3 Posts
    Rep Power
    15

    How can I use our webserver to run our intranet privatley??

    Hi guys,

    Wondering if anyone can advise how you combat this problem:

    I'm running within school a webserver on apache for our joomla school website and moodle, these can be accessed outside school to the public, I now want to re-do our staff intranet using joomla and run it on the same webserver, the setup i want is if someone was to browse to the intranet folder from outside the school I want an authentication box to appear to protect private information but not when the staff access it from within school.

    Does anyone have a same setup & how do you combat this issue?

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    What webserver platform and OS?

  3. #3

    Join Date
    Sep 2007
    Posts
    150
    Thank Post
    15
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    The webserver is running Windows server 2003 SP2 Enterprise

    Apache version 2.2.0
    MySQL version 5.0.18
    PostgreSQL version 8.1.2
    Openssl version 0.9.8a
    Slimftpd version 3.18
    Xmail version 1.22
    Perl version 5.8.
    PHP version 5.1.2
    Python version 2.3.5

  4. #4

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    In apache's configuration:

    Order deny,allow
    Deny from all
    Allow from <your-cidr-range> (e.g. 10.0.0.0/8)

    Adding 'authentication if not in school' makes it much more complex.

  5. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    HI

    I would advice you to build a server and put in inside your firewall and keep the public and the private apart. I run several linux lamp servers on old pcs and they work great.

    Richard

  6. #6

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Quote Originally Posted by ricki View Post
    HI

    I would advice you to build a server and put in inside your firewall and keep the public and the private apart. I run several linux lamp servers on old pcs and they work great.

    Richard
    That makes sense but I think the OP wants a single website which can be accessed from anywhere but, if it's accessed from inside school doesn't prompt for authentication.

    I think you can add to the allow/deny stuff so that it starts like the one above but then has a section to specify which users/passwords are allowed. The process exits as soon as it finds something which matches so if it's internal there'll be no password prompt but if it's external then it does prompt.

    I'd guess the other way would be to have 2 servers; one internal with no authentication and the other "external" and using authentication. Make the external one mirror the internal so that they stay in sync. This would work but obviously adds the cost of another Windows license (unless you do it as VMs!)

  7. #7

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by srochford View Post
    That makes sense but I think the OP wants a single website which can be accessed from anywhere but, if it's accessed from inside school doesn't prompt for authentication.

    I think you can add to the allow/deny stuff so that it starts like the one above but then has a section to specify which users/passwords are allowed. The process exits as soon as it finds something which matches so if it's internal there'll be no password prompt but if it's external then it does prompt.
    Ah, yes, I forgot that. This would be the best way.

    I'd guess the other way would be to have 2 servers; one internal with no authentication and the other "external" and using authentication. Make the external one mirror the internal so that they stay in sync. This would work but obviously adds the cost of another Windows license (unless you do it as VMs!)
    Or two IPs on one server and two VirtualHosts, or one IP and name-based virtual hosts.

  8. #8

    Join Date
    Sep 2007
    Posts
    150
    Thank Post
    15
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    Thanks guys, so am i correct in thinking if I put this anywhere in my httpd.conf it will allow only staff machines from my admin network to access the intranet? (My staff ip range is 10.11.224.x -10.11.231.x)
    i.e:

    <Directory "C:/apache2triad/htdocs/staff_intranet">
    Order deny,allow
    Deny from all
    Allow from 10.11.224.1/21
    </Directory>

    the schools website directory is in another folder in the root of htdocs so that shouldn't ask for authentication from anyone as it has to stay public, which is what I want.

    whats the coding for specifing passwords for the <directory>? is there anyway I can authenticate using LDAP?

  9. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    [can you setup a bunch of virtualhosts, using aspecific (internal) IP for the internal sites


    Code:
    <VirtualHost 192.168.1.1:80>
        
        ServerName randominternalwebsite.internal.domain
        ServerAlias randominternalwebsite.internal.domain
        DocumentRoot /var/www/vhosts/randominternalwebsite.internal.domain/html
        ErrorLog /var/www/vhosts/randominternalwebsite.internal.domain/logs/error_log
        CustomLog /var/www/vhosts/randominternalwebsite.internal.domain/logs/access_log combined
        <Directory /var/www/vhosts/randominternalwebsite.internal.domain/html>
            AllowOverride All
        </Directory>
    </VirtualHost>

  10. #10

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by chrisjako View Post
    Thanks guys, so am i correct in thinking if I put this anywhere in my httpd.conf it will allow only staff machines from my admin network to access the intranet? (My staff ip range is 10.11.224.x -10.11.231.x)
    i.e:

    <Directory "C:/apache2triad/htdocs/staff_intranet">
    Order deny,allow
    Deny from all
    Allow from 10.11.224.1/21
    </Directory>

    the schools website directory is in another folder in the root of htdocs so that shouldn't ask for authentication from anyone as it has to stay public, which is what I want.
    From memory, that looks about right.

    whats the coding for specifing passwords for the <directory>? is there anyway I can authenticate using LDAP?
    Investigate Apache's mod_auth_ntlm and mod_auth_ldap, neither of which I have much experience with, sorry

  11. Thanks to powdarrmonkey from:

    chrisjako (2nd April 2009)

SHARE:
+ Post New Thread

Similar Threads

  1. Virtulalising a Webserver (on UNIX)
    By markwilliamson2001 in forum Thin Client and Virtual Machines
    Replies: 7
    Last Post: 24th August 2008, 09:06 AM
  2. What is your webserver running?
    By FN-GM in forum Web Development
    Replies: 30
    Last Post: 15th August 2008, 08:46 AM
  3. Force Run .exe from a Intranet Page?
    By Silverman in forum Web Development
    Replies: 2
    Last Post: 2nd July 2008, 11:21 AM
  4. Run LDAP query intranet server
    By ryan_powell in forum Web Development
    Replies: 4
    Last Post: 18th February 2008, 02:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •