How to access a server http port 80 with port forwarding behind a router but require a password

Lisa Kachold lisakachold at obnosis.com
Thu Jun 30 19:01:09 MST 2011 

Hi Lee,

On Thu, Jun 30, 2011 at 6:43 PM, keith smith <klsmith2020 at yahoo.com> wrote:

>
> Sorry I meant for that IP or a range of IP's.
>
> ------------------------
> Keith Smith
>
> --- On *Thu, 6/30/11, keith smith <klsmith2020 at yahoo.com>* wrote:
>
>
> From: keith smith <klsmith2020 at yahoo.com>
> SNIP
> Date: Thursday, June 30, 2011, 6:41 PM
>
>
> If you know the remote IP you can use IPTables to block port 80 expect for
> that port or ports.
>
> ------------------------
> Keith Smith
>
> --- On *Thu, 6/30/11, Brian Parma <freecode at cox.net>* wrote:
>
>
> From: Brian Parma <freecode at cox.net>
> SNIP
>
> If you only want to authenticate outside users, you could setup a VPN if
> you are going to be accessing it from the same machine (like a laptop).
> You could use temporary SSH tunneling also, which would give access only
> to the machine you are SSHing from.
>
>
> You might be able to setup a dual HTTP/HTTPS as Judd said and only
> require authentication on the HTTPS, then just forward that port.  I'm
> not sure as I've never tried it.
>
>
> On 06/30/2011 05:28 PM, Judd Pickell wrote:
> > Before you get too excited, most home network providers don't allow
> > riding port 80. You can always use a different port like 8081 to
> > bypass. Standard Authentication is doable via .htaccess with apache,
> > however you goal is to be secure so you will likely want to setup a
> > HTTPS port with basic authentication in Apache that you will point to.
> > Not the most perfect solution but it does do roughly what you are
> > wanting.
> >
> > Sincerely,
> > Judd Pickell
> >
> > On Thu, Jun 30, 2011 at 5:22 PM,<leegold at speedymail.org>  wrote:
> >> Hi,
> >>
> >> Using Ubuntu 10.04 LTS.
> >>
> >> I have an intranet server behind a NAT router. Very standard linksys
> >> router home setup. The server has a static IP. I used port forwarding in
> >> the router to use SSH and log into the server remotely - it works OK.
> >>
> >> I want no one outside my home network to access any webpages on the
> >> server unless they're authenticated.. I know I could port forward like
> >> with ssh but with http port 80 and then see webpages , but again this
> >> would open it up to anyone with my cable modem's IP - wouldn't it?
> >>
> >> I need a secure way like SSH that requires a password before anyone
> >> could access port 80 and http from the server from a remote network.
> >>
> >> How do I do this? And on the local network people can get served pages
> >> normally as usual. Just remote would need authentication. Must be
> >> commonly done(?)
>
> Here's your Step X Step How to:

0)  Configure DNS and URI port forwarding:

Setup a free DynDNS.org WebHop using something like
https://leegold.homelinux.org which allows you to use custom URI forwarding
with an alternate port so your friends don't have to use something horrible
like https://198.23.22.13:8001/secret/index.htm.

1) Setup port forwarding:

Configure your router to port forward all port 8001 to port 80 on your local
192.168.n.n NAT network.

2) Configure your Authentication on Apache2:

On your Apache web server, add a .htaccess file to the subdirectory under
your DocumentRoot (example= /var/www/htdocs/secret) for authentication
following the Apache2 Howto:

:: hacked-up excerpt::

Authentication example

If you jumped directly to this part of the document to find out how to do
authentication, it is important to note one thing. There is a common
misconception that you are required to use .htaccess files in order to
implement password authentication. This is not the case. Putting
authentication directives in a <Directory> section, in your main server
configuration file, is the preferred way to implement this, and
.htaccessfiles should be used only if you don't have access to the
main server
configuration file. See above for a discussion of when you should and should
not use .htaccess files.

Having said that, if you still think you need to use a .htaccess file, you
may find that a configuration such as what follows may work for you.

You must have "AllowOverride AuthConfig" in effect for these directives to
be honored.

.htaccess file contents:

 AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

Note that AllowOverride AuthConfig must be in effect (in your httpd.conf or
apache2.conf in /etc/apache2 or /etc/httpd [depending on your distro]) for
these directives to have any effect.

Please see the authentication
tutorial<http://httpd.apache.org/docs/1.3/howto/auth.html>for a more
complete discussion of authentication and authorization.

::end hacked up excerpt::
This should work like a charm for you.



>  SNIP
>
>
-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com <http://www.homesmartinternational.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110630/ffa2a6e1/attachment.html>

More information about the PLUG-discuss mailing list