Menu
▾
▴
Re: ip restriction
|
From: Jamie C. <jca...@we...> - 2002-06-20 01:22:45
|
That page just sets up a certificate authority for creating new client-side certs, and so shouldn't mess up your existing webmin server. Try running /etc/webmin/stop , remove the ca= line from /etc/webmin/miniserv.conf, run /etc/webmin/start and then log in again .. As for the openssl.cnf file, it will be automatically when you setup the CA .. - Jamie Ian Forsyth wrote: > Ok, > > So i made a certificate, and i am pretty sure i made it incorrectly.. i did > not put in the fully qualified domain name. In my webmin log the last entry > is the get /webmin/setup_ca.cgi?form=output.... after i hit submit, i was no > longer able to access webmin.. > > so I looked at setup_ca.cgi .. and saw the file openssl.cnf was referenced > to /etc/webmin/acl.. so i deleted openssl.cnf.. > > I have certainly learned a lesson. does any one know how I can recover? > > Regards, > Ian > > > > >>-----Original Message----- >>From: Panel Vincent [mailto:web...@li...]On >>Behalf Of Panel Vincent >>Sent: Tuesday, June 18, 2002 10:45 AM >>To: web...@li... >>Subject: RE: ip restriction >> >> >>Just a little note about this : >> >>It is highly recommended not to use dynamic IP adresses for any >>host related to administration. It is too trivial to 1) attack >>DNS servers when host authentication is based on hostnames and 2) >>use a valid IP adress when host authentication is based on ranges >>of such adress. >> >>Webmin offers the possibility to authenticate users via >>certificate : use this instead (of course you can combine ip >>restriction and user authentication). I'm certainly not a >>security expert but I think these are the basics. >> >>Vincent Panel. >> >>-----Original Message----- >>From: Jamie Cameron [mailto:jca...@we...] >>Sent: Tue 6/18/2002 1:38 AM >>To: web...@li... >>Cc: >>Subject: Re: ip restriction >> >>Ian Forsyth wrote: >> >> >>>Hi, >>> >>>concerning restricting ip access.. what is the accepted format for wild >>>card.. for instance 155.144.%.. >>> >>>I want to let only six ips through to administer the server.. >>> >>though three >> >>>of those ips are dynamic.. is this currently supported? what are the >>>possible formats? >>> >> >>You can enter networks like 154.144.0.0/255.255.0.0 for an entire class B >>network, or single IP addresses, or wildcard hostnames like *.foo.com. >>In your case, dynamic IPs could pose a problem unless you have hostnames >>associated with them. In that case, you could just enter the hostname >>into the 'IP Access Control' , and make sure the 'Resolve hostnames on >>every request' is selected. >> >> - Jamie |