Checkpoint NG: Protect one file on webserver

Hello all,

little question about Checkpoint NG:

We would like to protect (based on source ip) access to one file on a webserver --> unrestricted access to all files on a certain website, except one file protected based on source ip.

Can someone explain me how todo this with Checkpoint?

thanks, Sven

Reply to
Sven De Troch
Loading thread data ...

Thanks for the advice. .... but if I understand 'client auth' well (we're already using this for MSSQL Enterprise Mgr traffic), the user should authenticate on port 900 via username/password --> what is not the intention. The access must be provided non-interactive, only based on the source ip, not via username/password.

thanks, Sven

Reply to
Sven De Troch

As far as I'm aware (but I hope someone can decline this), the only way to do it, is creating another website, on another IP address and creating an extra rule on this ip-address? ... but I would like to avoid using an extra ip address for this.

Sven

Reply to
Sven De Troch

Is there a good reason to do this on the firewall, as opposed to the web server? It should be pretty easy to do what you want to do in pretty much any webserver out there...

Joachim

Reply to
jKILLSPAM.schipper

Setup another website on the current webserver using host headers, pointing to the directory containing the file, then create a new webserver object. Add a new rule (above your current web rule) using Client Authentication in the Action field, Source being the particular IP address you want to allow access from. Create a username and password using FW1 Internal. Burn, test and adjust.

Wayne McGlinn Brisbane, Oz

Reply to
Wayne

hmmm, stupid me ;-) so focussed on the firewall that I forgot the obvious ...

thanks for putting me into the right direction!

Kind regards, Sven

Reply to
Sven De Troch

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.