Giuseppe Sacco <[EMAIL PROTECTED]> writes:

> Well, we have all our data available in a web server, so we'd like to browse
> the data in the same way. Maybe we can have something like:
>
> CLIENT                  FW          SERVER
> browser
> authenticator-daemon    firewall    web server
>
> when the user outside the firewall asks to connect via https://
> then the firewall can ask the client to authenticate himself.

HTTPS supports client certificates, which you can use to authenticate the user. A good place to start looking for more information is <URL:http://www.verisign.com/>.

You should be able to configure something with ipportfw or redir to just send the HTTPS connections to the firewall to the web server, and _make sure the web server is secure_, e.g. it only allows connections from listed client certificates.

You could also put the web server on two IP addresses, and have virtual servers so that one is used by internal LAN access, and the other is used by forwarded connections from the firewall. That way you can configure each virtual server with different security requirements, e.g. basic authentication for external users if the data isn't very sensitive. See the web server manual for more details.

-- 
Carey Evans  http://home.clear.net.nz/pages/c.evans/

"Is there anyone who actually believes that USAicans are so modest or intellectually honest as to be unable to find someone to sue?" - Cameron Laird
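
The two-virtual-server layout described in the reply above, as an added example that is not part of the original message. It assumes Apache httpd 2.4 with mod_ssl; the addresses, host names, file paths and certificate names are constructed placeholders.

```apache
# Assumption: Apache httpd 2.4 with mod_ssl loaded.
# All addresses, paths and names below are placeholders.
Listen 192.0.2.10:443
Listen 10.0.0.10:80

# External face: the address the firewall forwards HTTPS connections to.
<VirtualHost 192.0.2.10:443>
    ServerName data.example.org
    DocumentRoot "/srv/www/data"

    SSLEngine on
    SSLCertificateFile    "/etc/httpd/tls/server.crt"
    SSLCertificateKeyFile "/etc/httpd/tls/server.key"

    # Trust only the CA that issues certificates to your own users,
    # not a general-purpose public CA bundle.
    SSLCACertificateFile "/etc/httpd/tls/users-ca.crt"

    # Refuse the TLS handshake unless the client presents a
    # certificate that chains directly to that CA.
    SSLVerifyClient require
    SSLVerifyDepth  1

    <Directory "/srv/www/data">
        # Of the certificates that verify, admit only the listed
        # subjects (constructed names).
        Require expr "%{SSL_CLIENT_S_DN_CN} in {'alice', 'bob'}"
    </Directory>
</VirtualHost>

# Internal face: a second address used only by the LAN, with its own
# (here, address-based) access policy.
<VirtualHost 10.0.0.10:80>
    ServerName data.internal.example.org
    DocumentRoot "/srv/www/data"

    <Directory "/srv/www/data">
        Require ip 10.0.0.0/24
    </Directory>
</VirtualHost>
```

Because the firewall only forwards the TCP connection, the certificate check happens on the web server itself, so the external virtual host must fail closed if the CA file or the allow list is missing.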