On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote:
On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel lists@eckel-edv.de wrote:
When there really is a requirement that the external server allows only a single address to access it and that can't be changed, you could resort to using a proxy.
What is typical or reasonable for source address restrictions?
To dispose of them; they are hopelessly pointless. If you want to authenticate the source, use PKI.
I know they exist and have personally had to deal with them. That doesn't imply they make any kind of sense.
That is, if there are 2 global organizations, and one wants to increase the security on access to a service by limiting to the source addresses that might come from the other, is there a sane way to specify it, and to make the application use those addresses at the right times if the interface has others?
If two organizations want to communicate, exclusively and privately, with each other they should establish a tunnel.