× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. May 2016

Re: Apache web site blocking by location

Statistics on attacks show that most originate from outside the US. Was a at a recent local InfraGard seminar where they recommend using doing access rights based on the geolocation of the originating device. Yes, the bad guys can use a US based system they have gained access to as a jumping point to attack others but they still think that additional layer is a good idea.

The other idea they suggested was logging IP address access by user and anytime you see a new IP address being used by that user raise a flag to investigate

-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Kevin Turner
Sent: Tuesday, May 10, 2016 9:01 AM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] Apache web site blocking by location

Why the paranoia about people getting access outside of the US? Even if you achieved that, it would still be accessible to millions who are in the US but who are not employees - so what is the difference......if you don't me asking?

On 10 May 2016, at 13:48, Mike Cunningham <mike.cunningham@xxxxxxx> wrote:

It would if we were a regular business but higher education is a different kind of beast. I would need to be able to support VPN for 1,000 people many of whom are part-time faculty. Other staff and faculty will travel to conferences with personal laptops or once a year need to access something when away from campus. Making sure they have VPN before they leave would be almost impossible, then when they are on the road and need something getting VPN added to whatever device they have would also be impossible. And then add to that the other cloud services that faculty use for classes that do not need a VPN connection and make this one web site require VPN and I would have a faculty revolt. I could get support for a rule that if you leave the country you have to be prepared to use VPN but we might have 1 or 2 people travel abroad a year.

-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Mark S
Waterbury
Sent: Tuesday, May 10, 2016 12:57 AM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] Apache web site blocking by location

Hi, Mike:

If this web site "... should only be accessed by employees ..." then would it not make more sense to put this web site behind a VPN firewall, and issue VPN credentials to those employees?

HTH,

Mark S. Waterbury

On 5/9/2016 10:32 PM, Mike Cunningham wrote:
Is it possible to block access to an iSeries hosted web site running under Apache from being accessed by anyone outside the United States? We run a site that should only be accessed by employees and we have no employees who would ever need to access the site from outside the US.

Mike Cunningham


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.


___________________________________________
This email has been scanned by iomartcloud.
http://www.iomartcloud.com/


________________________________

NOTICE: The information in this electronic mail transmission is intended by CoralTree Systems Ltd for the use of the named individuals or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone, so that the sender's address records can be corrected.



--------------------------------------------------------------------------------


CoralTree Systems Limited
25 Barnes Wallis Road
Segensworth East, Fareham
PO15 5TT

Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton, UK
SO15 2EA
VAT Registration Number 834 1020 74.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.