Use CP as authentication proxy for web services on WAN?
I need to set up an additional layer of authenticaton on a web interface of a mailserver. I it possible to use the captive portal on the WAN port for this?
Essentially, there is a mailserver with a webmail interface publicy reachable on the internet on port 80/443 (for the ActiveSync devices). Some people are allowed to use webmail in their browser, some are not. Since I can't tell the mailserver which user is allowed and which is not, I need a layer of authentication in between.
I thought about using either the internal user database or a connection to a radius server to authenticate users in the captive portal. Those who access the CP in their browser have to authenticate and are then forwarded to the web server interface.
I also enter the MAC addresses of the ActiveSync devices so they get whitelisted.
Do you think this is possible, or do I have some logic flaw in here? Thanks!