Hi, I have a running ISPConfig VPS server with Debian 10 and have hosted my website on it. I also have a sub-domain, crm.mydomain.com, and have hosted a web-based PHP application on this sub-domain. My office people connect to this CRM. Now we want to allow access ONLY to authorized staff through a VPN connection (an OpenVPN server is already installed). I would appreciate it if someone could guide me on how to set up an environment so that office/field staff can ONLY access the application remotely using a VPN connection. Please guide. Thanks in advance. Regards, Abin
You can use IP-based restrictions on that vhost to limit access to the IP addresses of your VPN address pool. There are examples you can find by searching the forums here; just be sure you are looking at instructions for your web server (Apache or nginx).
Does Debian have UFW? I have it on Ubuntu, and it's Debian-based. If so, then you just need a couple of rules.
Code:
    sudo -s
Code:
    ufw status
If inactive:
Code:
    ufw enable
Permit anybody with a 10.1.x.x IP address:
Code:
    ufw allow from 10.1.0.0/16
Permit anybody with a 10.1.1.x IP address:
Code:
    ufw allow from 10.1.1.0/24
Deny everybody else:
Code:
    ufw default deny incoming
The order matters. If you need to add rules later:
    ufw status numbered
    ufw insert <number> allow/deny from w.x.y.z
Adjust it to fit your needs. The rule of thumb: the smaller the CIDR notation used, the more usable IP addresses, as follows:
    /32 = 1
    /24 = 254
    /16 = 65,534
    /8 = 16,777,214
I didn't know the available IPs off the top of my head; here is the link to the page it's extracted from, plus some useful networking info: https://www.freecodecamp.org/news/s...and-other-ip-address-cidr-network-references/
Either way, firewall rules are what you need. If I have misunderstood your needs, please clarify.
Dear Sir, Thank you for the reply. My server is on Apache. I have also searched the forum and tried as instructed in this thread: https://www.howtoforge.com/community/threads/website-restriction.86975/ It works! But I am looking to add a port number at the end of the sub-domain (crm.mydomain.com:port number), like we access ISPConfig with https://IP address followed by :8080. Please guide me on how to bind a particular sub-domain, domain, or IP address followed by a port number. Thx!
Dear Sir, Thank you for the reply. I will first study the article you suggested and try to understand it. Just a quick question: what does "10.1.x.x ip address" mean? Does it mean 10.1.0.0 or 10.1.0.1 or 10.1.1.0, followed by my server IP address, to be used in the ufw commands mentioned in your post? Regards,
It means an IP address of the form 10.1.x.x, where x is replaced with a number between 0 and 255. Those are private address space IP numbers defined in RFC 1918. I guess the author uses them in his/her intranet.
Yes, ufw is available on Debian, and it is the only current firewall supported by ISPConfig (the old bastille script included with ISPConfig doesn't support IPv6 and creates an inferior firewall in numerous ways). IP-based firewall rules would be an excellent choice if access to the entire server should be restricted. (I had in mind restricting access to only the crm vhost, which would require Apache config, but if you can limit in the firewall, do that instead, or both.)
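The vhost-level restriction mentioned in the replies above, as an added example that is not part of the original thread: an Apache 2.4 fragment that serves the CRM vhost only to source addresses in the VPN pool, leaving other sites on the server public. The hostname, the DocumentRoot path and the 10.8.0.0/24 pool (the subnet used in OpenVPN's sample server.conf) are assumptions; take the real pool from the `server` line of your own OpenVPN config.

```apache
# Added example with constructed values; not taken from the thread.
# Assumptions: Apache 2.4 (mod_authz_core), VPN pool 10.8.0.0/24,
# crm.example.com and the DocumentRoot path are placeholders.

<VirtualHost *:443>
    ServerName crm.example.com
    DocumentRoot /var/www/crm.example.com/web

    # The vhost's existing TLS and PHP directives stay as they are
    # and are omitted here.

    # Open to everyone (the effective setting of an unrestricted vhost):
    #   Require all granted

    # Restricted: only requests whose source address is inside the VPN
    # pool are served; any other source receives 403 Forbidden.
    <Location "/">
        Require ip 10.8.0.0/24
    </Location>
</VirtualHost>
```

Clients match only when their traffic to the site actually travels through the tunnel, so that Apache sees a pool address as the source. A request from an address outside the pool, for example `curl -sI https://crm.example.com/`, should return 403.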