It has been suggested that the admin section of a custom CMS we use should require VPN access to reach. How feasible is this? The site has a front end, http://thesite.com, and a backend, http://thesite.com/admin, so how feasible is it to set things up so that anyone accessing the admin areas has to log in via VPN?
I have some experience in setting up an OpenVPN server (under Ubuntu... this one is under CentOS), but that was for use as a secure proxy for access from remote locations (i.e., fire up the laptop, log in to the VPN and surf securely). This situation is different as, in an effort to help secure a too-frequently-hacked site, the owner has decided a VPN is the solution.
So, is this doable? Completely the wrong direction? We are working on securing this mess of code (and have closed some vulnerabilities) but in the meantime... suggestions/tips/links?
"Doable" by limiting admin applications/access to either local net, loop-back or same IP/net (depending on your specific configuration and requirements), so that the "from" IP will only match those conditions when it is through the VPN.
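As a worked example of the answer above (added here; it is not the answerer's configuration and not part of the original thread), this is how the "from IP only matches through the VPN" rule looks when the web server itself enforces it. It assumes Apache httpd 2.4 on the CentOS host, an OpenVPN server running on the same machine that hands clients addresses from 10.8.0.0/24 (OpenVPN's default `server 10.8.0.0 255.255.255.0`), and the admin area living under /admin; the host name and paths are placeholders taken from the question.

```apache
# Added example, not from the original answer. Assumptions: Apache httpd 2.4,
# OpenVPN server on the same host with the default client subnet 10.8.0.0/24,
# admin area under /admin. Change the subnet to whatever your server.conf uses.

<VirtualHost *:80>
    ServerName thesite.com
    DocumentRoot /var/www/thesite

    # The public front end stays reachable from anywhere: no Require here.

    # The admin area is reachable only from the VPN subnet and from the host
    # itself (loopback). Apache tests the TCP peer address of the connection,
    # which a remote attacker cannot forge on an established connection; an
    # X-Forwarded-For header sent by the client is NOT consulted by Require ip.
    <Location "/admin">
        Require ip 10.8.0.0/24
        Require ip 127.0.0.1 ::1
    </Location>

    # On Apache 2.2 (the version shipped with CentOS 5 and 6) the same rule is:
    #   <Location "/admin">
    #       Order deny,allow
    #       Deny from all
    #       Allow from 10.8.0.0/24 127.0.0.1
    #   </Location>
</VirtualHost>
```

Check it from both sides before relying on it: `curl -I http://thesite.com/admin/` from an ordinary Internet host should return 403, and the same request from a laptop connected to the VPN (source address in 10.8.0.0/24) should return the admin login page. Two caveats a practitioner would want: if a reverse proxy or CDN sits in front of Apache, the peer address is the proxy's, so this rule would either block everyone or, if you make Apache trust X-Forwarded-For via mod_remoteip, become bypassable by anyone who sets that header; enforce the restriction at whatever terminates the client connection instead. And allowing loopback means any code already running on the web server (including a compromised front end) can still reach /admin, so the VPN reduces the admin area's exposure but does not replace fixing the CMS itself.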