Restrict web tools app to local access only

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Restrict web tools app to local access only

Boris Hamanov
Hi guys and gals,



Currently my web tools front end is running in OFBiz and is accessible from the whole wide world (www) just like the ecommerce store.

I don’t like that a bit. Although it is protected by strong password.

Can I restrict that app access to certain IP addresses or from local host only?

It would be best if that application can run on different port altogether or listening on 127.0.0.1 interface only. Or both

Any experience with this, please?


Kind Regards,
Boris
Reply | Threaded
Open this post in threaded view
|

Re: Restrict web tools app to local access only

Mike Z
See the recent thread (about a week ago) called:

 "Removing port number from the url in production setup"

Restricting webtools access was recently discussed.  Basically, you need to
place apache in front of ofbiz.

Mike


On Wed, Jun 6, 2012 at 11:32 AM, Boris Hamanov <[hidden email]> wrote:

> Hi guys and gals,
>
>
>
> Currently my web tools front end is running in OFBiz and is accessible
> from the whole wide world (www) just like the ecommerce store.
>
> I don’t like that a bit. Although it is protected by strong password.
>
> Can I restrict that app access to certain IP addresses or from local host
> only?
>
> It would be best if that application can run on different port altogether
> or listening on 127.0.0.1 interface only. Or both
>
> Any experience with this, please?
>
>
> Kind Regards,
> Boris
Reply | Threaded
Open this post in threaded view
|

Re: Restrict web tools app to local access only

hans_bakker
In reply to this post by Boris Hamanov
You can also use the virtual host parameter in the the
ofbiz-component.xml file which will block the webtools from the same url...

an explanation can be found here:
http://www.antwebsystems.com/control/ViewBlogArticle?contentId=18704

Regards,
Hans

On 06/07/2012 01:32 AM, Boris Hamanov wrote:

> Hi guys and gals,
>
>
>
> Currently my web tools front end is running in OFBiz and is accessible from the whole wide world (www) just like the ecommerce store.
>
> I don’t like that a bit. Although it is protected by strong password.
>
> Can I restrict that app access to certain IP addresses or from local host only?
>
> It would be best if that application can run on different port altogether or listening on 127.0.0.1 interface only. Or both
>
> Any experience with this, please?
>
>
> Kind Regards,
> Boris

Reply | Threaded
Open this post in threaded view
|

Re: Restrict web tools app to local access only

Mike Z
Hey Hans.  I tried this method a while back, but it didn't work because I
found out that I needed:

    proxyPass /content   ajp://127.0.0.1:8009/content
    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles

Plus /images to make /ecommerce work.  Is there another way?


On Wed, Jun 6, 2012 at 6:13 PM, Hans Bakker
<[hidden email]>wrote:

> You can also use the virtual host parameter in the the ofbiz-component.xml
> file which will block the webtools from the same url...
>
> an explanation can be found here:
> http://www.antwebsystems.com/**control/ViewBlogArticle?**contentId=18704<http://www.antwebsystems.com/control/ViewBlogArticle?contentId=18704>
>
> Regards,
> Hans
>
>
> On 06/07/2012 01:32 AM, Boris Hamanov wrote:
>
>> Hi guys and gals,
>>
>>
>>
>> Currently my web tools front end is running in OFBiz and is accessible
>> from the whole wide world (www) just like the ecommerce store.
>>
>> I don’t like that a bit. Although it is protected by strong password.
>>
>> Can I restrict that app access to certain IP addresses or from local host
>> only?
>>
>> It would be best if that application can run on different port altogether
>> or listening on 127.0.0.1 interface only. Or both
>>
>> Any experience with this, please?
>>
>>
>> Kind Regards,
>> Boris
>>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Restrict web tools app to local access only

hans_bakker
Hi Mike,

There are 2 solutions to this problem but you have to assign a separate
domainname to ofbiz ecommerce and a separate domain to the backend.

1. via symbolic links (which can also be stored in svn: (used at
http://www.antwebsystems.com)
Then in the webapp directory make symbolic links to the framework images
dir
images -> ../../../../framework/images/webapp/images
tempfiles -> ../../../../runtime/tempfiles/

2. use the content prefix in the website entity at
http://ofbizsaas.ofbizdemo.com
add a prefix to the backend url to get the images and tempfiles.

Regards,
Hans


On 06/07/2012 02:50 PM, Mike wrote:

> Hey Hans.  I tried this method a while back, but it didn't work because I
> found out that I needed:
>
>      proxyPass /content   ajp://127.0.0.1:8009/content
>      proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>      proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>
> Plus /images to make /ecommerce work.  Is there another way?
>
>
> On Wed, Jun 6, 2012 at 6:13 PM, Hans Bakker
> <[hidden email]>wrote:
>
>> You can also use the virtual host parameter in the the ofbiz-component.xml
>> file which will block the webtools from the same url...
>>
>> an explanation can be found here:
>> http://www.antwebsystems.com/**control/ViewBlogArticle?**contentId=18704<http://www.antwebsystems.com/control/ViewBlogArticle?contentId=18704>
>>
>> Regards,
>> Hans
>>
>>
>> On 06/07/2012 01:32 AM, Boris Hamanov wrote:
>>
>>> Hi guys and gals,
>>>
>>>
>>>
>>> Currently my web tools front end is running in OFBiz and is accessible
>>> from the whole wide world (www) just like the ecommerce store.
>>>
>>> I don’t like that a bit. Although it is protected by strong password.
>>>
>>> Can I restrict that app access to certain IP addresses or from local host
>>> only?
>>>
>>> It would be best if that application can run on different port altogether
>>> or listening on 127.0.0.1 interface only. Or both
>>>
>>> Any experience with this, please?
>>>
>>>
>>> Kind Regards,
>>> Boris
>>>