Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: A VPN and how to secure a webpage question

  1. #1
    Join Date
    May 2008
    Beans
    99

    A VPN and how to secure a webpage question

    After upgrading from 8.04 all the way through to 12.04 last night I thought Id play with a couple things.

    First is VPN. Ive taken a notion to set this up. Does anyone know/can suggest the best way for VPN so windows machines can connect? Ive read a ton of ways to do it and some are a bit dated, but the more recent seem to be focused more on ubuntu to ubuntu connections.

    Second, Ive been trying to secure webpages and I can only do it if they are in a link. Basically if I .htaccess a folder and it has index.html it will load index.html. If I hit refresh when on the page it prompts for the pass then. I have secured plenty of pages, but they are all in subdirs from the directory .htaccess is located. I read there is a better way by using ubuntu, but the writer never elaborated.

    Any help appreciated, thanks.
    Someday something constructive will go here.

  2. #2
    Join Date
    Sep 2006
    Beans
    7,192
    Distro
    Lubuntu Development Release

    .htaccess

    By secure a web page don't you mean running HTTPS?

    Anyway, in regards to .htaccess. Don't use it unless you don't have administrative access to your web server. If you do have administrative access to you web server, the changes go into the web server's configuration file under the section for the appropriate virtual host and directory.

  3. #3
    Join Date
    Feb 2011
    Beans
    9

    Re: A VPN and how to secure a webpage question

    In regard to VPN, the easiest way is to configure a PPTP VPN, since it's comes built-in with Ubuntu and Windows.

    About the secure website, I have all traffic coming to port 80 (http) forwarded to port 443 (https) and, of course, a virtual host for each one. Just search google, you're bound to find some guide to this.

  4. #4
    Join Date
    Sep 2006
    Beans
    7,192
    Distro
    Lubuntu Development Release

    Re: A VPN and how to secure a webpage question

    Quote Originally Posted by Sidner View Post
    In regard to VPN, the easiest way is to configure a PPTP VPN, since it's comes built-in with Ubuntu and Windows.

    About the secure website, I have all traffic coming to port 80 (http) forwarded to port 443 (https) and, of course, a virtual host for each one. Just search google, you're bound to find some guide to this.
    PPTP might be the easiest but it defeats any security advantage a VPN might otherwise have given:

    http://www.h-online.com/security/fea...P-1716768.html

    That's nothing new, just something final and irrevocable.

    Ideally your services should be secure enough to handle a direct connection to the net. If they are not, there they probably shouldn't be connected to the LAN either.

    If you still want a VPN, the better place to look would be IPsec or OpenVPN. But the way to secure a web connection is to use HTTPS.

  5. #5
    Join Date
    May 2008
    Beans
    99

    Re: A VPN and how to secure a webpage question

    The pages are on my Ubuntu server, so I have full access. When I say secure, I meant password protect. Sorry, I spent about 18hrs solid trying to get .htaccess to work and looking at VPN so I was a bit fried. I have .htaccess 'working', but I cant seem to get the directory it is in protected, just the sub directories from where it is located. Means that at the top level if there is index and htaccess, index still loads and htaccess wont kick in unless the page is refreshed.

    Any chance you can throw me a few keywords or a link to get me started using the virtual hosts solution, please? I keep coming across htaccess, php scripts and asp solutions.

    I'll indulge in https in the near future, maybe tonight if I hit another wall with VPN and htaccess

    PPTP is one of the things I noticed there was a few big warnings about giving a false sense of security. OpenVPN seems easy enough to setup server side, but I dont know how to connect to it using a windows machine. Seems like it would be simple enough to config a Linux client but I want to be able to simply fire up a windows machine from anywhere and use its native VPN support. But if I need to use another prog on top, I think I can deal with that.
    Someday something constructive will go here.

  6. #6
    Join Date
    Sep 2006
    Beans
    7,192
    Distro
    Lubuntu Development Release

    AuthUserFile

    You don't need .htaccess if you have administrative access to your web server. .htaccess is a work-around to give some extra permissions to users without actually having to give any permissions at all to the server's configuration files.

    It should go something like this:
    Code:
    <Directory /some/directory>
        AuthType Basic
        AuthName "Enter password"
        AuthBasicProvider file
        AuthUserFile /path/to/passwordfile
        Require valid-user
    </Directory>
    Look up AuthUserFile and the others in the documentation for more details.

    Remember to reload the server's configuration after making changes. Also, the password file should *not* be anywhere within DocumentRoot. It should be outside.

    htpassword is what you'll used to generate the passwords for basic authentication. If you look you can tie it to various databases, but that's for later if ever.

  7. #7
    Join Date
    May 2008
    Beans
    99

    Re: A VPN and how to secure a webpage question

    That looks almost exactly like what Ive been doing with .htaccess. So the only difference is this goes into the default file in sites-enabled?

    I have a dir under /home that Ive been putting the password files into to keep them seperate and out of the way and apache restart seems to be only two taps of a cursor key away nowadays. Also I think that when you make any file with a . at the start apache automatically hides it, not sure though, been months since I really looked at it.

    Edit: apache.conf, got it, I think.
    Edit; Edit: Nope, same result. So it must be something else Ive done. Ill backup my apache folder then purge apache and install again.

    7hrs after the last edit and ... same result.

    /home/cackles/mysite with index.html and .htaccess will allow index.html to load and wont prompt for a pass until the page is refreshed.

    /home/cackles/mysite/subdir will prompt for a pass before it goes any further.
    Last edited by cackles; October 9th, 2012 at 07:57 AM.
    Someday something constructive will go here.

  8. #8
    Join Date
    Feb 2008
    Beans
    251
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: A VPN and how to secure a webpage question

    Could you post what you're putting into your configuration file? For example, if you're configuring like:

    Code:
    <Directory /home/cackles/mysite/subdir>
        ....
    </Directory>
    then I understand that access shouldn't be restricted to /home/cackles/mysite/index.html


    Also, consider using reload rather than restart, to avoid downtime on your server when you're refreshing your configurations. This should be appropriate:

    Code:
    sudo service apache2 reload

  9. #9
    Join Date
    Sep 2006
    Beans
    7,192
    Distro
    Lubuntu Development Release

    Re: A VPN and how to secure a webpage question

    Quote Originally Posted by cackles View Post
    That looks almost exactly like what Ive been doing with .htaccess. So the only difference is this goes into the default file in sites-enabled?
    Yes. .htaccess is only an extension of the configuration file. It is for cases where you want to allow end users to do some configuration but without giving the whole vhost away. Say allowing tens of thousands of students and faculty to limit access to their own web pages. Using the main configuration file simplifies things by keeping it all in the same place and reduces likelihood of mistakes, security or other kinds.

    In default Apache for Ubuntu, there is a default virtual host in /etc/apache2/sites-available/default Use that.

    If you are putting web pages in your own home directory, you might be interested in the user_dir module if you aren't already using it.

  10. #10
    Join Date
    May 2008
    Beans
    99

    Re: A VPN and how to secure a webpage question

    Tried using the default file but when I do it either goes to the default setup and ignores the vhost, gives error or keeps displaying last cached page, probably shouldnt but does. Im using a much shorter version.

    Currently using

    <VirtualHost *:80>
    ServerName mysite.com
    DocumentRoot /home/cackles/mysite/
    </VirtualHost>

    If I even attempt to use the default as a template it goes to internal server error 9/10 times. Both my vhosts look like that.

    I have mysite1, mysite2 and default, basically.

    I have

    <Directory /home/cackles/mysite/test>
    AuthType Basic
    AuthName "Enter password"
    AuthBasicProvider file
    AuthUserFile /home/cackles/scrappass
    Require valid-user
    </Directory>

    For the password protection. I entered this into apache2.conf though. I also added /test so that I dont have any errors for now. So should that actually be in the vhost config file for that website? I saw examples with it in apache2.conf and httpd.




    I might have the VPS part cracked, will see later if it works out. Havent started it yet but down to about three tuts with good potential.
    Last edited by cackles; October 9th, 2012 at 02:15 PM.
    Someday something constructive will go here.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •