Use CP as authentication proxy for web services on WAN?



  • Hi,

    I need to set up an additional layer of authenticaton on a web interface of a mailserver. I it possible to use the captive portal on the WAN port for this?

    Essentially, there is a mailserver with a webmail interface publicy reachable on the internet on port 80/443 (for the ActiveSync devices). Some people are allowed to use webmail in their browser, some are not. Since I can't tell the mailserver which user is allowed and which is not, I need a layer of authentication in between.

    I thought about using either the internal user database or a connection to a radius server to authenticate users in the captive portal. Those who access the CP in their browser have to authenticate and are then forwarded to the web server interface.

    I also enter the MAC addresses of the ActiveSync devices so they get whitelisted.

    Do you think this is possible, or do I have some logic flaw in here? Thanks!


Log in to reply