I am trying to limit the outside access to my Bubba. It is behind a firewall that only forwards Port 80 to it. But the firewall will not limit who it forwards. So I added in /etc/hosts.deny to deny all and added in /etc/hosts.allow my main host and my company which is external to the firewall. This does seem to restrict ssh inside the firewall to only my main host but the http port does not seem to be restricted. Any suggestions? I see where this distribution does not have xinetd but only inetd.
How to limit access
Hi lkbrow1,
Regarding external web access to Bubba. One security note is that if you want to make sure that no one intercepts your traffic you should open up port 443 in your gateway and then use https when accessing Bubba. Traffic will then be encrypted which makes it tougher for others to eavesdrop on you.
If you then would like to limit from where the webpages are visible, the "easiest" way should be to alter the apache config.
As an example, to limit access to the web-admin you have to edit the file /etc/apache2/conf.d/web-admin
Today it looks like this:
Code:
Alias /web-admin "/usr/share/web-admin/"
<Directory "/usr/share/web-admin/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
    AddType application/x-httpd-cgi .cgi
    Options ExecCGI
</Directory>
The trick here is to alter the lines with Allow and Deny. Changing it to start with a Deny from all and then tell who can access it with one or more Allow from XX
So as an example, to only allow access from the local network it could look something like this:
Code:
Alias /web-admin "/usr/share/web-admin/"
<Directory "/usr/share/web-admin/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.168.0
    AddType application/x-httpd-cgi .cgi
    Options ExecCGI
</Directory>
And for this to have effect you have to tell apache to reread its configuration by issuing a:
Code:
/etc/init.d/apache2 reload
More information on how to write these Allow and Deny can be found here http://httpd.apache.org/docs/2.0/mod/mo ... html#allow
Finally, this configuration is most likely overwritten by upgrades. So after an upgrade please check to see that the alterations you have made are still there.
/Tor
Co-founder OpenProducts and Ex Excito Developer
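
An added example, not part of the post above or of the Bubba configuration: a small Python model of how Apache 2.0/2.2 evaluates Order, Allow and Deny, for checking an access stanza against sample client addresses before reloading. It assumes IPv4 address and network specs only (hostname and env= specs are rejected); the client addresses and the NO_DENY stanza are constructed.

```python
import ipaddress

def parse_access(conf):
    """Return (order, allow_specs, deny_specs) from an Apache 2.0/2.2 config body."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order is Deny,Allow
    for line in conf.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() == "order":
            order = words[1].lower()
        elif len(words) >= 3 and words[0].lower() in ("allow", "deny") and words[1].lower() == "from":
            (allow if words[0].lower() == "allow" else deny).extend(words[2:])
    return order, allow, deny

def matches(spec, client):
    """IPv4 only (assumption of this example): 'all', full or partial address, network/mask."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if not all(o.isdigit() for o in octets):
        raise ValueError("hostname and env= specs are not handled: " + spec)
    return client.split(".")[:len(octets)] == octets   # partial address = leading octets

def is_allowed(conf, client):
    """Apply the Order semantics; the position of Allow/Deny lines in the file is irrelevant."""
    order, allow, deny = parse_access(conf)
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    if order == "deny,allow":      # Allow overrides Deny; no match at all -> permitted
        return allowed or not denied
    if order == "allow,deny":      # Deny overrides Allow; no match at all -> refused
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# The two access-control stanzas from the post, plus a constructed mistake (Deny line forgotten).
SHIPPED = "Order deny,allow\nAllow from all"
RESTRICTED = "Order deny,allow\nDeny from all\nAllow from 127.0.0.1\nAllow from 192.168.0"
NO_DENY = "Order deny,allow\nAllow from 192.168.0"

if __name__ == "__main__":
    # Constructed clients: loopback, a LAN host, a neighbouring subnet, an external address.
    for ip in ("127.0.0.1", "192.168.0.17", "192.168.1.5", "203.0.113.9"):
        print(ip, is_allowed(SHIPPED, ip), is_allowed(RESTRICTED, ip), is_allowed(NO_DENY, ip))
```

The NO_DENY case shows why the "Deny from all" line matters: with Order deny,allow, a client that matches no directive is permitted, so an Allow list on its own restricts nothing.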