[ previous ] [ next ] [ threads ]
 
 From:  "Sancho2k.net Lists" <lists at sancho2k dot net>
 To:  Adam Emery <subscribe at aehome dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature request
 Date:  Sun, 03 Apr 2005 21:05:56 -0600
Adam Emery wrote:
> i was using the telnet/ssh thing as an example.  I don't understand why you
> would want to do that.  Its sort of like webmin with ssl giving you a This
> web server is running in SSL mode. Try the URL https://192.168.1.150:65530/
> instead when you go to http instead of https.  I personally feel it is
> better to lock everything down.  Again, that is just a personal thing.

We're arguing the same side of this without seeing it.

The idea *is* to lock it down. By redirecting explicitly connections on
port 80 to port 443, you make it so there is no chance that the
administrator will use the unencrypted channel. Call it another layer of
security.

DS


> 
> -----Original Message-----
> From: Sancho2k.net Lists [mailto:lists at sancho2k dot net] 
> Sent: Sunday, April 03, 2005 8:53 PM
> To: Adam Emery
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Feature request
> 
> Adam Emery wrote:
> 
>>Don't take this the wrong way but why would you want to do this?  To me
> 
> this
> 
>>would be like changing a telnet or ssh port for security but having the
> 
> box
> 
>>accept it anyway. 
> 
> 
> I think you're misunderstanding (or else I am.) It seems they want to
> redirect connections to the web interface that would go to port 80
> (cleartext) to port 443 (https). A 403 style redirect. Not just have it
> listen on a different port.
> 
> It is a sound idea, that way you can enforce admin access over SSL.
> 
> DS
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>