Okay, so here's the story:
I administrate a server running a web application on my internal LAN, say foo:1234. My team uses this actively.
We have now decided to make this application accessible from outside our network – but we don't want to install it on our webserver. I have forwarded an external port (say 5678) on our (DDWRT) router to foo:1234, and this works fine.
The problem, though, is that due to certain configuration issues, anyone can view the page without being logged in if they know the URL. I want to prevent that in some way.
I created a page (with login) on our web server that redirects to router:5678 after authentication, but that's not really a solution; router:5678 is still publicly accessible.
My question: How can I set it up so that the port gets forwarded only after authentication?
Best Answer
A common way to handle this situation is to place an authenticating reverse proxy (e.g., Apache) in front of the web server.
See e.g. http://thelowedown.wordpress.com/2008/10/12/reverse-proxy-with-apache/
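A sketch of what such an authenticating reverse proxy could look like in Apache 2.4, added here as an example and not taken from the original answer or the linked post. The hostname `app.example.com`, the certificate paths and the htpasswd path are placeholders; `foo:1234` is the internal application from the question.

```apache
# Added example: virtual host on the public web server (Apache 2.4).
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic,
# mod_authn_file and mod_authz_user.
# app.example.com and all file paths below are placeholders.
<VirtualHost *:443>
    ServerName app.example.com

    # Basic auth sends the credentials with every request, so offer it over TLS only.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    <Location "/">
        # Authentication is checked before a request is handed to the backend.
        AuthType Basic
        AuthName "Internal application"
        # Create the file with: htpasswd -B -c /etc/apache2/app.htpasswd <username>
        AuthUserFile /etc/apache2/app.htpasswd
        Require valid-user

        # The web server must be able to reach foo:1234 on the LAN.
        ProxyPass        "http://foo:1234/"
        ProxyPassReverse "http://foo:1234/"
    </Location>
</VirtualHost>

# On the router: remove the 5678 -> foo:1234 forward, so that the proxy is
# the only way to reach the application from outside.
```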