RE: ip restriction

[Panel V. <vp...@ax...>]

Just a little note about this :

It is highly recommended not to use dynamic IP adresses for any host =
related to administration. It is too trivial to 1) attack DNS servers =
when host authentication is based on hostnames and 2) use a valid IP =
adress when host authentication is based on ranges of such adress.

Webmin offers the possibility to authenticate users via certificate : =
use this instead (of course you can combine ip restriction and user =
authentication). I'm certainly not a security expert but I think these =
are the basics.

Vincent Panel.

-----Original Message-----
From:	Jamie Cameron [mailto:jca...@we...]
Sent:	Tue 6/18/2002 1:38 AM
To:	web...@li...
Cc:=09
Subject:	Re: ip restriction

Ian Forsyth wrote:

> Hi,
>=20
> concerning restricting ip access.. what is the accepted format for =
wild
> card.. for instance 155.144.%..
>=20
> I want to let only six ips through to administer the server.. though =
three
> of those ips are dynamic.. is this currently supported? what are the
> possible formats?


You can enter networks like 154.144.0.0/255.255.0.0 for an entire class =
B
network, or single IP addresses, or wildcard hostnames like *.foo.com.
In your case, dynamic IPs could pose a problem unless you have hostnames
associated with them. In that case, you could just enter the hostname
into the 'IP Access Control' , and make sure the 'Resolve hostnames on
every request' is selected.

  - Jamie




-------------------------------------------------------------------------=
---
                   Bringing you mounds of caffeinated joy
                      >>>     http://thinkgeek.com/sf    <<<

-
Forwarded by the Webmin mailing list at =
web...@li...
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list