Mike,
If it was up to me, I wouldn't use a Windows based server either, however,
what the client bought is what I had to use. KWIM?
I can't block DNS on this server due to it having a .com tied to it. I
looked this afternoon and no dice. I can look into it more in depth on the
httpd site. What a perplexing thing I'm trying to do.
- Josh
On Fri, Aug 7, 2009 at 5:47 PM, Mike -- EMAIL IGNORED <
m_d_berger_1...@yahoo.com> wrote:
> On Fri, 07 Aug 2009 14:08:27 -0400, Josh Gooding wrote:
>
> > No, my understanding is login's weren't encrypted unless SSL was used.
> >
> > Scott, I'm not a sysadmin, but does win2k3 server have something like
> > iptables? That MIGHT be a little more helpful, I'll have to research it
> > more, however, I still need to figure out how to drop SSL after the
> > login screen. Let me do some more digging around the internet.
> >
> > The login password is encrypted with MD5 before checking the DB and
> > stored in the DB as an MD5 hash, so with that being said, is SSL even
> > neccessary on the login to the software?
> >
> > Thank you again for all the responses and advice. It is highly
> > appreciated.
> >
> > - Josh
> >
> [...]
>
> I'm not sure I would block DNS on a Windows system, certainly
> if it is doing anything else but being a server. But then
> I would not use a Windows system for a server.
>
> I suspect that what you want to do can be accomplished
> with mod_ssl, mod_rewrite, <Directory> and <VirtualHost>.
> I don't see my way right to it, but, for example,
> RewriteCond %{REMOTE_USER} !^.+$
> RewriteRule $.*$ - [F]
> or some such thing properly placed might be useful.
>
> Detailed tutorials for these capabilities can be found on
> the Apache web site. Some study would be required.
>
> HTH.
> Mike.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> " from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
