Results 1 to 5 of 5

Thread: additonal protection with httpasswd

  1. #1
    tvone is offline Member
    Join Date
    Mar 2011
    Posts
    14
    Rep Power
    4

    Default additonal protection with httpasswd

    Hi,

    is it possible to enable a password authentication (Apache config), before being redirect to the main login page ? Only for External access

    regards

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Quote Originally Posted by tvone View Post
    is it possible to enable a password authentication (Apache config), before being redirect to the main login page ? Only for External access
    Why would you want to make a user login twice to get to their email account?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    tvone is offline Member
    Join Date
    Mar 2011
    Posts
    14
    Rep Power
    4

    Default

    Hi Bill,

    thanks for your reply.

    Our Zimbra Mail Server(http Login page) is reachable from WAN (via DNS or IP). I had in mind that it would be more safe to ask for a additional password before you get access to the main mail login page. Simply to filter bruteforce-attacks or things like that. For all other employees which come via internal network will get directly to the login page .

    Regards

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Quote Originally Posted by tvone View Post
    Our Zimbra Mail Server(http Login page) is reachable from WAN (via DNS or IP). I had in mind that it would be more safe to ask for a additional password before you get access to the main mail login page. Simply to filter bruteforce-attacks or things like that. For all other employees which come via internal network will get directly to the login page .
    Then why not implement a strong password policy (you can do that in the Admin UI) and/or something like fail2ban if you're concerned about brute force attacks? just adding two login pages doesn't really make you more secure unless you do something about what happens if a login fails or is apparently an 'attack'.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    tvone is offline Member
    Join Date
    Mar 2011
    Posts
    14
    Rep Power
    4

    Default

    Hi,

    fail2ban is a good tool and i think i will use it. The second point is, with an additional query you will not see the page immediately. And that means you have no oportunity to exploit security gaps in java, javascript,mysql etc. Because you will intercepted these previously. Correct me if i'm wrong

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. slapd general protection libtcmalloc_minimal
    By fcjoe in forum Administrators
    Replies: 1
    Last Post: 09-15-2011, 07:40 AM
  2. Enhanced black-list protection
    By mickier in forum Administrators
    Replies: 1
    Last Post: 01-31-2011, 10:28 AM
  3. Add Kaspersky protection to Zimbra
    By rajeshkodali in forum Administrators
    Replies: 3
    Last Post: 02-14-2008, 08:45 PM
  4. Anti-Spam Protection
    By padraig in forum Administrators
    Replies: 5
    Last Post: 11-27-2006, 10:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •