Solved

Intranet - access from Internet

Posted on 2006-06-20
4
255 Views
Last Modified: 2012-05-05
Hi.
A client of mind is asking that I create a password protected login page on their website that leads to the company intranet.

As far as I'm aware this is not possible - to access an intranet from the internet unless using a VPN connection or Firewall.

Could someone advise? If this is possible - the steps involved.

Thanks.

Al


0
Comment
Question by:myrepublic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:deepaknet
ID: 16941725
I think you can configure Reverse Proxy or FireWall rule so that external users can access intranet through a specified URL on the Firewall/Proxy server.
0
 
LVL 57

Accepted Solution

by:
Julian Hansen earned 400 total points
ID: 16942236
It is possible - not advisable but possible.

You have to configure the firewall to open a port to the internal webserver. Typically you would set this up to only accept connections from the external webserver. Also it is advisable to do PAT (port address translation) from the external port to internal port using non standard HTTP ports - just as an added precaution.

Now setup a page on the website with standard login with a redirect on success to the firewall address and port configured - example

Redirect to http://server.domain.com:5001

Where server.domain.com points to the client's firewall (or use IP for external interface of firewall) and 5001 is the firewall port configured to accept the request

On the firewall you create a PAT entry that maps requests from the external webserver on port 5001 to the internal server on port 80.

As I said before it can be done but not really recommended.
0
 
LVL 4

Assisted Solution

by:KellyCraig
KellyCraig earned 100 total points
ID: 16943256
I agree with julianH.
However, there is another security step I advise.
Instead of having a static port address like http://server.domain.com:5001
which could be found and or linked to to bypass login, make a page like
http://server.domain.com/login.php 
then inside that page, have the following code.

<?php
if (!$action){
echo "your login here witht he form action set to login.php?action-login";
exit;
}
if ($action == "login"){
$get = mysql_query ("select * from userdb where username='$username'");
$userinfo = mysql_fetch_array($get);
    if ($userinfo[password] != "$password"){
        echo "bug off";
        exit;
        }
    if ($userinfo[password] == "$password"){
        echo "<iFrame src=\"http://server.domain.com:5001\" width=\"100%\" height=\"100%\">Sorry, your browser does nto support iFrames.</iFrame>"
       }else{ exit; }
}
?>

Yes, sure, someoen coudl still see the source code and see the address, but you weed out those idiots that would bookmark the page bypassing login.
0
 
LVL 4

Expert Comment

by:KellyCraig
ID: 16943265
Note: I cant edit my above comment, if you do use SQL, PLEASE remember to do a mysql db connect string -.-
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
This article was originally published on Monitis Blog, you can check it here . Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question