I have set up an Intranet and am trying to setup security.
I am somewhat familiar with iis and trying to get familiar with apache.
From what I have read, it works as follows. I am looking to see if I have it ok and to get some additions and pointers. I am running on a Linux box.
A person is able to issue http without a login. I can have people access pages that are general and need to be available to everyone. In Apache this is ALL?. I can secure the pages down that I want by using Basic Authentication and eliminating ALL.
When a person tried to access a secured page, they will be prompted with a password and login. If they don't have a valid one they can't get in. I can set up groups and so forth for security.
Is this correct?
I have also seen a sample of a log with requests by I/P addresses. Is this part of apache.
Additionally, I want to eliminate access from Internet to our internal site. Appreciate any assistance.
I am somewhat familiar with iis and trying to get familiar with apache.
From what I have read, it works as follows. I am looking to see if I have it ok and to get some additions and pointers. I am running on a Linux box.
A person is able to issue http without a login. I can have people access pages that are general and need to be available to everyone. In Apache this is ALL?. I can secure the pages down that I want by using Basic Authentication and eliminating ALL.
When a person tried to access a secured page, they will be prompted with a password and login. If they don't have a valid one they can't get in. I can set up groups and so forth for security.
Is this correct?
I have also seen a sample of a log with requests by I/P addresses. Is this part of apache.
Additionally, I want to eliminate access from Internet to our internal site. Appreciate any assistance.