Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Port based firewall, encryption, poxy, http security
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
augury
l33t
l33t


Joined: 22 May 2004
Posts: 718
Location: philadelphia

PostPosted: Sun Feb 02, 2014 2:31 am    Post subject: Port based firewall, encryption, poxy, http security Reply with quote

I've emerged www-apache/anyterm. It provides a console terminal to a web browser.

The problem is that the terminal is not only an unencrypted transmission -- its already logged in!

I really like the idea of having a terminal on a web browser interface. It requires at least two security features that should apply to this port exclusively:

1. password login for http capable browser
2. encryption handled by a web browser (ssl?)

Anyterm is started by a deamon to a specified port. Although it is www-apache it does not have an apache folder or config files.
Back to top
View user's profile Send private message
hdcg
n00b
n00b


Joined: 07 Apr 2013
Posts: 26

PostPosted: Sun Feb 02, 2014 6:31 am    Post subject: Reply with quote

Hi augury,

I am not an anyterm user myself, but I would assume that authentication/authorization as well as encryption should be handled by an Apache server in front of anyterm.

A look at the anyterm homepage http://anyterm.org/howitworks.html confirms this.

So you should setup anyterm to only listen on localhost. Place Apache in front with a suitable authentication module and the proxy module enabled. Then you can proxy a URL of our choice to the anyterm daemon.

I would assume that stunnel could also be used for such a setup. As it is SSL centric it offers less options than Apache when it comes to authentication/authorization.

Best Regards,
Holger
Back to top
View user's profile Send private message
augury
l33t
l33t


Joined: 22 May 2004
Posts: 718
Location: philadelphia

PostPosted: Sun Feb 02, 2014 8:27 am    Post subject: Reply with quote

I swear to god I am the the international error code tourist.


OK I got it to work.
Code:

<VirtualHost *:80>
        ServerName 192.99.12.70
        Include /etc/apache2/vhosts.d/default_vhost.include

        ProxyPass /console http://127.0.0.1:7676             #this is the forward proxy to the localhost
        ProxyPassReverse /console http://127.0.0.1:7676 #this is the proxy reverse
        ProxyPassReverseCookiePath /console /                 #anyterm.html does not set cookies
        ProxyPassReverseCookieDomain http://127.0.0.1:7676 http://192.99.12.70
        ProxyHTMLExtended On    #this allows the .js and .css to be loaded -- had to emerge mod_proxy_html and add -D PROXY_HTML to the options line in /etc/conf.d/apache2
        ProxySourceAddress 127.0.0.2                               #this was not required but it reenforces the fact

<Location /console/anyterm.html>                               
        AuthType Basic
        AuthName "Authentication Required"
        AuthUserFile "/etc/htpasswd/htpasswd"
        Require valid-user
</Location>

</VirtualHost>



Now what I need to do is use add the secure connection encryption.
Back to top
View user's profile Send private message
augury
l33t
l33t


Joined: 22 May 2004
Posts: 718
Location: philadelphia

PostPosted: Sun Feb 02, 2014 8:36 am    Post subject: Reply with quote

I enabled all the APACHE2_MODULES= (why not) and had to add -D PROXY and -D PROXY_HTML (from the mod_proxy_html port).
Back to top
View user's profile Send private message
augury
l33t
l33t


Joined: 22 May 2004
Posts: 718
Location: philadelphia

PostPosted: Sun Feb 02, 2014 8:43 am    Post subject: Reply with quote

Another thing, it is sort of useless if anytermd is not run without --user root.
Back to top
View user's profile Send private message
augury
l33t
l33t


Joined: 22 May 2004
Posts: 718
Location: philadelphia

PostPosted: Sun Feb 02, 2014 9:38 am    Post subject: Reply with quote

OK now I want to run a gkrellmd over the internet. gkrellmd is as bad as an open terminal, SO I need to secure a log in.

But gkrellm clients do not have a means of authenticating.

Is apache able to authenticate with another apache and connect my proxys?
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8617

PostPosted: Sun Feb 02, 2014 5:22 pm    Post subject: Reply with quote

Perhaps it would be a better use of your time to find a way to make ssh work reliably over whatever excuse for an Internet connection you are stuck on. Once that works, ssh port forwarding will handle the rest. You could also try an OpenVPN TCP-TLS tunnel over 443, which should work in the absence of an SSL-cracking proxy.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum