On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote: > On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel <lists at eckel-edv.de> wrote: > > When there really is a requirement that the external server allows > only a single address to access it and that can't be changed, you > could resort to using a proxy. > What is typical or reasonable for source address restrictions? To dispose of them; they are hopelessly pointless. If you want to authenticate the source use PKI. I know they exist and have personally had to deal with them. That doesn't imply they make any kind of sense. > That > is, if there are 2 global organizations, and one wants to increase > the security on access to a service by limiting to the source > addresses that might come from the other, is there a sane way to > specify it, and to make the application use those addresses at the > right times if the interface has others? If two organizations want to communicate, exclusively and privately, with each other they should establish a tunnel. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20120402/c59c9181/attachment-0005.sig>