Allowing Remote Access to a Local SSL or TLS Web Server

If you conduct some form of e-commerce or have a user-authenticated web area, you'll most likely want to allow incoming connections to encryption-protected areas of your website. Otherwise, you won't need local server rules.

Both the OpenSSL included with Linux and commercial SSL support packages are available for the Apache web server. See for more information.

The next two rules allow incoming access to your web server using the SSL or TLS protocols:

if [ "$CONNECTION_TRACKING" = "1" ]; then
    # Stateful rule: accept new inbound connections to the HTTPS port.
    # The match criteria mirror the static INPUT rule below.
    $IPT -A INPUT -i $INTERNET -p tcp \
             --sport $UNPRIVPORTS \
             -d $IPADDR --dport 443 \
             -m state --state NEW -j ACCEPT
fi

# Static rule: inbound client packets from unprivileged ports to port 443
$IPT -A INPUT -i $INTERNET -p tcp \
         --sport $UNPRIVPORTS \
         -d $IPADDR --dport 443 -j ACCEPT

# Static rule: server replies only; ! --syn keeps the server from
# opening new outbound connections from port 443
$IPT -A OUTPUT -o $INTERNET -p tcp ! --syn \
         -s $IPADDR --sport 443 \
         --dport $UNPRIVPORTS -j ACCEPT

Publicly accessible web server proxies are most common at ISPs. As a customer, you configure your browser to use a remote proxy service. Web proxies are often accessed through one of two unprivileged ports assigned for this purpose, ports 8008 or 8080, as defined by the ISP. In return, you get faster web page access when the pages are already cached locally at your ISP's server and the relative anonymity of proxied access to remote sites. Your connections are not direct, but instead they are done on your behalf by your ISP's proxy. Table 4.10 lists the complete client/server connection protocol for the web proxy service.
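
Returning to the static SSL/TLS rule pair for port 443: the following is an added example, not part of the original text, that audits `iptables -S` style output to confirm the inbound rule is limited to unprivileged source ports and the reply rule carries `! --syn`. The helper name, the sample rulesets, and the values 192.0.2.10, eth0 and 1024:65535 (standing in for $IPADDR, $INTERNET and $UNPRIVPORTS) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` style output for the static HTTPS rule pair.
# Both rulesets are constructed samples; 192.0.2.10, eth0 and the 1024:65535
# range stand in for $IPADDR, $INTERNET and $UNPRIVPORTS (assumed values).
GOOD_RULES='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 443 -j ACCEPT
-A OUTPUT -s 192.0.2.10/32 -o eth0 -p tcp -m tcp --sport 443 --dport 1024:65535 ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT'

BAD_RULES='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -s 192.0.2.10/32 -o eth0 -p tcp -m tcp --sport 443 --dport 1024:65535 -j ACCEPT'

# audit_https_rules (hypothetical helper): reads rules on stdin, prints one
# finding per line, returns 0 when the pair matches the rules above, else 1.
audit_https_rules() {
    findings=$(awk '
        /^-A INPUT / && /-p tcp/ && /--dport 443( |$)/ && /-j ACCEPT/ {
            in_seen = 1
            # Clients are expected to connect from unprivileged source ports.
            if ($0 !~ /--sport 1024:65535/)
                print "INPUT: port 443 accepted from any source port"
        }
        /^-A OUTPUT / && /-p tcp/ && /--sport 443( |$)/ && /-j ACCEPT/ {
            out_seen = 1
            # iptables -S renders "! --syn" as the --tcp-flags form below.
            if ($0 !~ /! --tcp-flags FIN,SYN,RST,ACK SYN/)
                print "OUTPUT: reply rule from port 443 lacks ! --syn"
        }
        END {
            if (!in_seen)  print "INPUT: no ACCEPT rule for tcp dport 443"
            if (!out_seen) print "OUTPUT: no ACCEPT rule for tcp sport 443"
        }')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone demonstration on the constructed rulesets.
printf '%s\n' "$GOOD_RULES" | audit_https_rules && echo "good ruleset: OK"
printf '%s\n' "$BAD_RULES"  | audit_https_rules || echo "bad ruleset: findings above"
```

The audit covers only the static rule pair; a ruleset that relies on the connection-tracking rules returns replies through a state match instead and needs a different check.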
