Chapter 14. Controlling Access to Your Web Server

Organizations run web servers because they are an easy way to distribute information to people on the Internet. But sometimes you don’t want to distribute your information to everybody. Why not?

  • You might have information on your web server that is intended only for employees of your organization.

  • You might have an electronic publication that contains general-interest articles that are free, and detailed technical articles that are only available to customers who have paid a monthly subscription fee.

  • You might have confidential technical information that is only for customers who have signed nondisclosure agreements.

  • You might have a web-based interface to your order-entry system: you can save money by letting your nationwide sales force access the web site using local Internet service providers, rather than having every person make long-distance calls every day, but you need a way of prohibiting unauthorized access.

All of these scenarios have different access control requirements. Fortunately, today’s web servers have a variety of ways to restrict access to information.

Access Control Strategies

There are a variety of techniques that are being employed today to control access to web-based information:

  • Restricting access by using URLs that are “secret” (hidden) and unpublished

  • Restricting access to a particular group of computers based on those computers’ Internet addresses

  • Restricting access to a particular group of users based on their ...
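The three strategies above can be read as a single access decision: a secret URL adds no check at all, an address-based rule compares the client's IP against a set of networks, and a user-based rule requires authentication plus group membership. The following Python is an added example, not code from the book; the resources, networks, users and groups are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass
class Resource:
    # Strategy 1: "secret" (unpublished) URL -- no other guard applies.
    hidden: bool = False
    # Strategy 2: client address must fall inside one of these networks.
    allowed_nets: List[str] = field(default_factory=list)
    # Strategy 3: client must be an authenticated user in one of these groups.
    allowed_groups: Set[str] = field(default_factory=set)

def is_allowed(resource: Resource, client_ip: str,
               user: Optional[str] = None,
               groups: Set[str] = frozenset()) -> Tuple[bool, str]:
    """Evaluate the address-based and user-based rules for one request.

    Returns (decision, reason). A resource with neither rule configured is
    allowed unconditionally, which is exactly what a secret URL amounts to:
    the only protection is that the path has not been published.
    """
    if resource.allowed_nets:
        addr = ipaddress.ip_address(client_ip)
        if not any(addr in ipaddress.ip_network(n) for n in resource.allowed_nets):
            return False, "address not in allowed networks"
    if resource.allowed_groups:
        if user is None:
            return False, "authentication required"
        if not set(groups) & resource.allowed_groups:
            return False, "user not in an allowed group"
    return True, "allowed"

# Constructed sample policy (hypothetical paths, RFC 5737 / private ranges).
RESOURCES = {
    # Employee-only material, reachable only from the corporate networks.
    "/internal/handbook.html": Resource(allowed_nets=["10.0.0.0/8", "192.0.2.0/24"]),
    # Paid articles: any address, but the user must be a subscriber.
    "/articles/premium/": Resource(allowed_groups={"subscribers"}),
    # NDA material: both an address and a group restriction.
    "/partners/spec.pdf": Resource(allowed_nets=["198.51.100.0/24"],
                                   allowed_groups={"nda-customers"}),
    # Unpublished draft guarded by nothing but its obscure path.
    "/drafts/9f3a2c/": Resource(hidden=True),
}

if __name__ == "__main__":
    for path, res in RESOURCES.items():
        print(path, is_allowed(res, "203.0.113.5", user="alice", groups={"subscribers"}))
```

Running the block shows the hidden draft granted to an arbitrary outside address while the employee handbook is refused, which is why the book treats secret URLs as the weakest of the three controls.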
