[Freedombox-discuss] public + private http services

Jonas Smedegaard dr at jones.dk
Mon Jul 15 10:31:50 UTC 2013


Quoting Timur Mehrvarz (2013-07-15 07:05:29)
> Hi, is there an agreed upon best practice on how to separate public 
> http services from those that shall only be accessible on the private 
> network? Private only services could be offered on a separate port and 
> the firewall would ensure that access to this port is shielded. One 
> could also offer public + private services on the same port, but make 
> sure - within the code - that private services will only respond to 
> requests coming from the internal network. Any other options? How do 
> you prefer to handle this? Thanks.

That's quite context-specific.  What makes best sense to one web service 
may make little sense to another - and may be completely broken for a 
nameserver.

...just as the term "private" is quite context-specific: What treasures 
I find picking my nose and what thoughts ran through my head when I saw 
the naked shoulder of a kid in the bus, are both "private" but tied to 
radically different boundaries than "accessible on the private network".


Good idea to try map out what are best practices for different contexts.  
I suggest creating a wiki page for that - but as hinted above I think it 
is usable only when also reflecting on the affected contexts:  One size 
does not fit all of FreedomBox.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130715/187fd724/attachment.sig>


More information about the Freedombox-discuss mailing list