a2billing access only

Discussion in 'General' started by Centar, Sep 24, 2010.

  1. Centar

    After MUCH research and reading I still cannot find the straight and simple way to secure my elastix box.

    All I want to do is to block all access from the internet to the elastix box EXCEPT for the a2billing directories.

    I do not want to block anything from the local LAN.

    The best I can see is to use IPTABLES but I cannot find any examples on how to block everything except for some directories on a server from WAN access.

    Any guidance in this area would be greatly appreciated!
     
  2. dicko

    You need to better understand your OSI levels:

    http://en.wikipedia.org/wiki/OSI_model

    You can only use iptables to block by address and protocol on level 3 (ip-tables). To block by directory you will need to allow http(s) on iptables (limit similarly to the most restrictive address range) and then allow/deny the presumably more restrictive IP address range in your /etc/httpd/* hierarchy to the directories published therein (be careful of wild cards), largely on level 4 and above.
     
  3. Centar

    I believe I have found the solution to my problem.
    I put it here for the benefit of others...

    This is for the default a2billing setup (ver 1.3) in Elastix 1.6.

    In file /etc/httpd/conf/httpd.conf
    I put:

    <Directory "/var/www/html">
    AllowOverride None
    # No space after the comma: Order takes a single argument
    Order Deny,Allow
    Deny from all
    # Insert your local lan below, i.e. 192.168.1
    Allow from xxx.xxx.xxx
    </Directory>

    # Directory paths must be absolute (leading slash)
    <Directory "/var/www/html/a2customer">
    Order Allow,Deny
    Allow from all
    </Directory>

    <Directory "/var/www/html/a2billing/signup">
    Order Allow,Deny
    Allow from all
    </Directory>

    This blocks all outside (wan) access to all of the Apache served directories save for the a2customer and signup directories and allows access to all directories from the local lan.

    If anyone sees any problems with this PLEASE reply...
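
As an added example (not part of the thread, and not Elastix or Apache code), the sketch below models how Apache 2.2 evaluates the three posted <Directory> sections, with the Order argument written without a space and with absolute paths. The LAN prefix 192.168.1, the client addresses and the request paths are constructed, and the model assumes no other access sections in httpd.conf or conf.d apply.

```python
# Added example: models Apache 2.2 Order/Allow/Deny evaluation for the posted config.
import ipaddress

LAN = "192.168.1"  # assumed LAN prefix, standing in for the post's xxx.xxx.xxx

# (directory, Order, Allow list, Deny list), directives as in the post
SECTIONS = [
    ("/var/www/html", "Deny,Allow", [LAN], ["all"]),
    ("/var/www/html/a2customer", "Allow,Deny", ["all"], []),
    ("/var/www/html/a2billing/signup", "Allow,Deny", ["all"], []),
]

def host_matches(spec, client_ip):
    """Match 'all' or a partial/full IPv4 address compared octet by octet."""
    if spec == "all":
        return True
    ipaddress.IPv4Address(client_ip)  # raises on a malformed client address
    octets = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(octets)] == octets

def governing_section(path):
    """Deepest matching section wins: its access rules replace the parent's."""
    hits = [s for s in SECTIONS if path == s[0] or path.startswith(s[0] + "/")]
    return max(hits, key=lambda s: len(s[0])) if hits else None

def is_allowed(path, client_ip):
    section = governing_section(path)
    if section is None:
        return True  # nothing in this model restricts the path
    _, order, allow, deny = section
    allowed = any(host_matches(a, client_ip) for a in allow)
    denied = any(host_matches(d, client_ip) for d in deny)
    if order == "Deny,Allow":
        # Deny evaluated first, Allow overrides it, default is allow
        return allowed or not denied
    # Allow,Deny: Allow evaluated first, Deny overrides it, default is deny
    return allowed and not denied

def audit(client_ip, paths):
    """Return {path: reachable?} for one client address."""
    return {p: is_allowed(p, client_ip) for p in paths}

# Constructed request paths under the posted directories
PATHS = ["/var/www/html/index.php", "/var/www/html/a2billing/index.php",
         "/var/www/html/a2customer/index.php",
         "/var/www/html/a2billing/signup/index.php"]

if __name__ == "__main__":
    for ip in ("192.168.1.50", "203.0.113.9"):  # constructed LAN and WAN clients
        for path, ok in audit(ip, PATHS).items():
            print(f"{ip:15} {path:45} {'ALLOW' if ok else 'DENY'}")
```

Running it lists every path as ALLOW for the LAN client and only the a2customer and signup paths as ALLOW for the WAN client, which is the outcome the post describes.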
     
