=== Controlling Access to Pages ===
For security, it is important to allow access to the general areas of your website while limiting access to sub-directories that contain other webpages or documents. Penetration testers or hackers may be able to navigate the file system within your html directory to obtain unauthorised information.
There are many common-sense safeguards, such as creating an index.html file in your default directory so that a webpage is displayed instead of the directory index. There are also safeguards that you can set up to provide additional protection for the data on your web server.
# As the root user on your gateway/host, try to forward incoming HTTP connections that arrive on your host to the web server on vm1. Use an iptables command similar to this:<br><source>iptables -t nat -A PREROUTING -i *yourinterface* -p tcp --dport 80 -j DNAT --to 192.168.X.2</source>
# You will also need to create a rule in the FORWARD chain in the default table to accept connections to port 80.
# To test this setup you'll need to use another machine outside your own network. If you are using an SSD and VMware, you can simply use the Windows host for this purpose. If you are using a removable drive, ask a classmate on another PC to act as the partner. In either case, enter your host's external IP address in the address bar of that machine's browser.
# Have the partner external machine view both '''index.html''' and '''index.php'''.
# Create a new directory called '''private''' inside your '''DocumentRoot''' and move index.php inside it.
# Have your partner view both files again.<br><br>You will now modify the settings on the web server to prevent machines outside our network from accessing the private directory.<br><br>
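For steps 1 and 2 of the list above, the following script is an added example (not part of the original lab) that prints the DNAT rule together with FORWARD rules that match it, so they can be reviewed before being run. The function names and the script name in the comments are assumptions, and the interface and VM address are supplied as arguments.

```shell
#!/bin/sh
# Added example, not part of the original lab. It prints the iptables rules
# for steps 1 and 2 so they can be reviewed before being run as root.
# Function names and the script name forward80.sh are assumptions.

# valid_iface NAME: accept only characters that occur in interface names,
# so a mistyped argument cannot smuggle extra shell syntax into the output.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    return 0
}

# valid_ipv4 ADDR: digits and dots only, four fields, each in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
          exit 0 }'
}

# forward_rules IFACE VM_IP: print the three rules, or fail on bad input.
forward_rules() {
    iface=$1 vm=$2
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_ipv4 "$vm"     || { echo "bad VM address: $vm" >&2; return 1; }
    # Step 1: rewrite the destination of inbound port-80 traffic to the VM.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -j DNAT --to-destination $vm:80"
    # Step 2: PREROUTING runs before the filter table, so the FORWARD chain
    # sees the already-rewritten destination and must match the VM address.
    echo "iptables -A FORWARD -i $iface -p tcp -d $vm --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Replies from the web server leaving through the same interface.
    echo "iptables -A FORWARD -o $iface -p tcp -s $vm --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Print the rules when called as: sh forward80.sh <interface> <vm-ip>
if [ "$#" -eq 2 ]; then
    forward_rules "$1" "$2"
fi
```

Check the printed commands against <code>iptables -L FORWARD -n -v</code> and <code>iptables -t nat -L PREROUTING -n -v</code> after running them as root; the packet counters show whether the partner's requests hit each rule.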