Intranet and Internet sites on the same server

Status
Not open for further replies.

VB400

Programmer
Sep 8, 1999
359
US
We have our internet site (mainly for webmail) and our intranet site on the same Win2000 server machine running IIS5. From the web, a user accesses our site via which will present a "Microsoft Outlook Web Access" signon screen. The user then logs in to get their e-mail.

Now, we started a small intranet on the same server. However, from the web any user can access our intranet via
This is of course a major problem. So we changed the intranet's Directory Security to disallow Anonymous access and force "Integrated Windows Authentication". Now, when a user is logged onto the network, they access the intranet without being prompted for a password. If an *outside* web user tries to access the intranet via they're prompted for ID, Password and domain.

This seems to solve the problem, in the sense that unless you have a Windows account on our network, you won't be able to access our intranet.

My question is: Is there a security risk doing it this way? If so, what is it, and how can we fix it?

Thanks in Advance! Tarek
 
Another step you could take, and one that could eliminate your need for having a password login, would be to restrict the site by IP address. You can specify just the addresses in your office LAN and block all others. This is just as good of security, as far as I know, as password protecting a site. I have used this technique for FTP sites that I needed to restrict access to, and it has worked great.
 

We have approximately 200 machines where the address is generated by DHCP. Does this mean that I would have to type in all 200 addresses, or is there a way to enter it generically? For example, 192.168.100.xxx where the xxx represents the generic portion? Tarek
 
Go into IIS manager. Go to the security properties of your intranet site. Go to IP addresses and domain name restrictions. Change the radio button to denied access, then click on add. Switch to group of computers. Enter the IP address of your DHCP server in the network ID box, and the subnet of your network in the subnet box. This will deny access to all computers but those within that IP range on that subnet. As long as those addresses are not internet routable, which they shouldn't be, it will secure your site without the need for entering a network password every time you want to access the site.
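
One way to confirm that a restriction like the one described above is holding, as an added example that is not part of the original posts: the script reads an IIS W3C extended log and lists every request for the intranet that came from outside the allowed subnet, marking whether IIS refused it or served it. The 192.168.100.0/255.255.255.0 range, the `/intranet/` path and the log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: office LAN taken from the 192.168.100.xxx example in the thread.
ALLOWED = ipaddress.ip_network("192.168.100.0/255.255.255.0")

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2001-03-05 09:12:44 192.168.100.57 CORP\\tarek GET /intranet/default.asp 200
2001-03-05 09:13:02 203.0.113.25 - GET /intranet/default.asp 403
2001-03-05 09:14:10 198.51.100.7 - GET /intranet/hr/list.asp 200
2001-03-05 09:15:31 192.168.101.4 - GET /intranet/default.asp 401
2001-03-05 09:16:00 203.0.113.25 - GET /exchange/logon.asp 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def audit(text, prefix="/intranet/"):
    """Return (client, uri, status, verdict) for outside requests to the intranet."""
    findings = []
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().startswith(prefix):
            continue  # other sites on the same server, e.g. webmail
        try:
            client = ipaddress.ip_address(row["c-ip"])
        except ValueError:
            continue  # malformed client address field
        if client in ALLOWED:
            continue  # inside the permitted subnet
        status = int(row["sc-status"])
        # 401/403 means IIS refused the request; anything else got through.
        verdict = "denied" if status in (401, 403) else "SERVED"
        findings.append((str(client), row["cs-uri-stem"], status, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Any `SERVED` row is a request the restriction should have stopped and is worth investigating.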
 

Thanks cckrocks -- it worked as you said! Tarek
 
Is there a way to just post the intranet to LocalHost or the loopback IP (127.0.0.0) or something like that? I have my intranet behind a firewall on our LAN but I'm not sure how to set it up. I know how to set up DNS and etc... for the Internet sites we have on the other side of the firewall, but I am having difficulty with the Intranet. Any help appreciated.
 