How can I allow access to a domain in lighttpd for only some of my own machines when they don't (always) have a static IP?

1 Answer

One possibility would be to set up a firewall and to packet filter it based on MAC addresses, which should be static even for dynamic IPs.

You could also rely on mod_auth and only allow authenticated connections to these domains.

A bit more complex than a network-based solution, but you could possibly rely on SSL client authentication.

  1. Set up an SSL proxy, e.g. pound. Make it listen on port 443 (or another port) and forward connections to the server running lighttpd.
  2. Configure pound to verify client certs using your own CA and automatically reject invalid client certificates.
  3. Install client certs generated by your own CA on the client browsers.
  4. Configure lighttpd to only accept connections from pound for the specific domains. If pound was installed on the same machine, only accept connections from the localhost.
  5. Access these domains over SSL.
sybreon
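
The proxy setup from steps 1, 2 and 4 of the answer above, sketched as configuration; this is an added example, not part of the original answer. The host name `private.example.com`, the file paths and backend port 8080 are assumptions, and pound is assumed to run on the same machine as lighttpd.

```conf
# ---- pound.cfg (steps 1-2): TLS listener that demands a client certificate ----
ListenHTTPS
    Address    0.0.0.0
    Port       443
    # Server certificate and private key in one PEM file (assumed path)
    Cert       "/etc/pound/server.pem"
    # Your own CA: CAlist is announced to the browser, VerifyList is what
    # client certificates are checked against (assumed path)
    CAlist     "/etc/pound/own-ca.pem"
    VerifyList "/etc/pound/own-ca.pem"
    # Mode 2 = ask for a certificate and fail the handshake if none is
    # presented or it does not verify; second value is the chain depth
    ClientCert 2 2

    Service
        # Forward only requests for the protected domain
        HeadRequire "Host: .*private.example.com.*"
        BackEnd
            Address 127.0.0.1
            Port    8080
        End
    End
End

# ---- lighttpd.conf (step 4): protected host reachable only through pound ----
server.modules += ( "mod_access" )

$HTTP["host"] == "private.example.com" {
    # Every legitimate request arrives from pound on the loopback address;
    # a request from any other address did not pass the client-cert check.
    $HTTP["remoteip"] != "127.0.0.1" {
        url.access-deny = ( "" )    # empty suffix matches every URL
    }
}
```

If lighttpd also loads mod_extforward with pound as a trusted forwarder, the remote address is rewritten from `X-Forwarded-For` and the `remoteip` test above no longer identifies the proxy, so keep that module off for this host.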