0

I am thinking of methods to restrict public users from accessing sites on our staging server. The best method I can think of at the moment is use:

Deny from all
Allow IP Addresses

If I add this to vhost configuration then it will do what I need.

Is there any better ways of doing this? If I added our work based IP address to each vhost configuration and then the IP address was changed for any reason it would be pretty annoying to modify each one.

Also, some of the sites have test order information on, is this a secure method for doing this?

Thanks in advance,

Ian

Ian Jamieson
  • 4,376
  • 2
  • 35
  • 55

1 Answers1

0

Since an IP address can be spoofed this is not 100% secure. You may want to look at adding basic authentication where you can manage users and passwords rather than ip address (you may be able to leverage an exisiting identity system to make this easier (e.g. LDAP etc.).

Looking beyond that you may want to look at chef or puppet to automate the management of your users.

Steve Robillard
  • 13,445
  • 3
  • 36
  • 32