Password protecting Apache Site for external users only

In order to make an intranet an extranet, you need to place the intranet on a server in the DMZ.
From here, configure a virtual server accordingly (e.g. intranet.site.com.au)

You will need to configure on an internal DNS (or smoothwall /etc/hosts when using a webproxy) a reference to intranet.site.com.au

Your global DNS for site.com.au should not have intranet specified. This should be invalid in some way. For example in my sites, I have a catch all domain that is an unknown.site.com.au and with wildcard DNS, any invalid domain URL’s in the *.site.com.au go here. For example, try http://intranet.ucb.com.au

Now, within your Apache Httpd conf VirtualHost directive you need to add the following.


<Directory "/home/intranet/www">
  Options Indexes

  Order deny,allow
  Deny from all
  Allow from 192.168.100
  Allow from 10.1.1
  Require valid-user
  Satisfy any

  AllowOverride AuthConfig
  AuthType Basic
  AuthName "Administration Access Only"
  AuthUserFile /home/intranet/.htaccess
</Directory>

You just need to create the appropiate .htaccess file, and restart Apache httpd. Access from the internal network is allowed via IP, and everything else must use the authentication model used.

To setup external access, I created a sepearate subdomain called extranet. To further restrict this past basic access, I configured to to connect to the firewall only on port 81, and then had a rule to redirect to port 80 on the DMZ machine.

So what I ended up with was:

http://intranet.site.com.au internally accesses the intranet.
http://intranet.site.com.au externally redirects to a custom invalid/unknown subdomain page
http://extranet.site.com.au throws a browser not error
http://extranet.site.com.au:81 prompts for a username/password to access intranet.

Moving from standard Apache httpd install to virtual hosts

1. First you need to create an appropiate directory for virtual host. (Using the example of creating an intranet)

$ su –
$ useradd intranet
$ chmod 755 /home/intranet # needed for apache nobody process
$ cd /home/intranet
$ mkdir www logs
$ cd www
$ echo “<html>
<head>
<title>intranet test index</title>
</head><body></body></html>
” > index.htm

2. Second, you need to reconfig Apache Httpd for virtual host management.

$ cd /opt/httpd/conf
echo “Include conf/httpd.include” >> httpd.conf
$ vi httpd.include

NameVirtualHost 111.111.111.111
<VirtualHost 111.111.111.111>
    ServerAdmin webmaster@site.com.au
    DocumentRoot /home/intranet/www
    ServerName intranet.site.com.au
    ServerAlias intranet
    LogLevel info
    ErrorLog /home/intranet/logs/error.log
    CustomLog /home/intranet/logs/access.log combined
</VirtualHost>

3. Reboot Apache Httpd

$ apachectl graceful

Configuring SSH for automated rsync

In order to rsync files between two servers in an automated sense, you need to setup an appropiate SSH key between both the source and destination servers.

Destination Server

$ cd
$ mkdir .ssh
$ chmod 700 .ssh

Source Server

$ cd
$ mkdir .ssh
$ chmod 700 .ssh
$ ssh-keygen -t rsa
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/userch/.ssh/id_rsa.pub.
$ scp id_rsa.pub user@destination.server:.ssh

Destination Server

$ cd .ssh
$ cat id_rsa.pub >> authorized_keys
$ chmod 600 authorized_keys

Source Server
$ ssh user@destination.server

Should it not work, and you are prompted with password the ‘-v’ option may provide some more information to diagnose the problem.

Throttling the CPU on my laptop

Using CentOS 4.1 as the Operating System on my laptop for all my work, I’ve been able to throttle down my CPU when running on battery power to extend my battery life, much like the modes that Windoze provides.

$ echo 5 > /proc/acpi/processor/CPU0/throttling

If you want to go back up again:

$ echo 0 > /proc/acpi/processor/CPU0/throttling

Not to be thrown, the output of this file looks like:


[root@lamda ~]# cat /proc/acpi/processor/CPU0/throttling
state count:             8
active state:            T7
states:
    T0:                  00%
    T1:                  12%
    T2:                  25%
    T3:                  37%
    T4:                  50%
   *T5:                  62%
    T6:                  75%
    T7:                  87%