How to access a server http port 80 with port forwarding behind a router but require a password

Joseph Sinclair plug-discussion at stcaz.net
Thu Jun 30 19:42:29 MST 2011


Several others have responded, but I wanted to mention a slightly different approach:
If you want authentication for remote and not for local; and you want to keep traffic off the HTTP box until it's authenticated for the remote case
You might try setting up an HAProxy(http://haproxy.1wt.eu/) on another machine (some spare machine on local net should work fine) and port forward to that.
You can then set the listen configuration for port (443, 80, or whichever you end up using) to require authentication (see section 3.4 of the documentation [http://haproxy.1wt.eu/download/1.4/doc/configuration.txt] on userlists) and HAProxy will do the authentication before forwarding the request to the real HTTP server.

HAProxy is quite small and lightweight, so you might be able to run it on a router if you have open replacement firmware with a 2.6.32 or later kernel (caveat: I've never tried this and it might take a lot of work), and it has a vast array of other options for custom routing of HTTP and/or TCP requests.

For local net you'd just connect directly to the HTTP server or you could have the HAProxy listen separately on the local interface and bypass authentication for local requests.

Lots of options, as is usual in the Free/Open world.

On 06/30/2011 05:22 PM, leegold at speedymail.org wrote:
> Hi,
> 
> Using Ubuntu 10.04 LTS.
> 
> I have an intranet server behind a NAT router. Very standard linksys
> router home setup. The server has a static IP. I used port forwarding in
> the router to use SSH and log into the server remotely - it works OK.
> 
> I want no one outside my home network to access any webpages on the
> server unless they're authenticated.. I know I could port forward like
> with ssh but with http port 80 and then see webpages , but again this
> would open it up to anyone with my cable modem's IP - wouldn't it?
> 
> I need a secure way like SSH that requires a password before anyone
> could access port 80 and http from the server from a remote network.
> 
> How do I do this? And on the local network people can get served pages
> normally as usual. Just remote would need authentication. Must be
> commonly done(?)
> 
> Thanks,
> 
> Lee G.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110630/88cc8143/attachment.pgp>


More information about the PLUG-discuss mailing list