Hi guys and gals,
Currently my web tools front end is running in OFBiz and is accessible from the whole wide world (www) just like the ecommerce store. I don’t like that a bit. Although it is protected by strong password. Can I restrict that app access to certain IP addresses or from local host only? It would be best if that application can run on different port altogether or listening on 127.0.0.1 interface only. Or both Any experience with this, please? Kind Regards, Boris |
See the recent thread (about a week ago) called:
"Removing port number from the url in production setup" Restricting webtools access was recently discussed. Basically, you need to place apache in front of ofbiz. Mike On Wed, Jun 6, 2012 at 11:32 AM, Boris Hamanov <[hidden email]> wrote: > Hi guys and gals, > > > > Currently my web tools front end is running in OFBiz and is accessible > from the whole wide world (www) just like the ecommerce store. > > I don’t like that a bit. Although it is protected by strong password. > > Can I restrict that app access to certain IP addresses or from local host > only? > > It would be best if that application can run on different port altogether > or listening on 127.0.0.1 interface only. Or both > > Any experience with this, please? > > > Kind Regards, > Boris |
In reply to this post by Boris Hamanov
You can also use the virtual host parameter in the the
ofbiz-component.xml file which will block the webtools from the same url... an explanation can be found here: http://www.antwebsystems.com/control/ViewBlogArticle?contentId=18704 Regards, Hans On 06/07/2012 01:32 AM, Boris Hamanov wrote: > Hi guys and gals, > > > > Currently my web tools front end is running in OFBiz and is accessible from the whole wide world (www) just like the ecommerce store. > > I don’t like that a bit. Although it is protected by strong password. > > Can I restrict that app access to certain IP addresses or from local host only? > > It would be best if that application can run on different port altogether or listening on 127.0.0.1 interface only. Or both > > Any experience with this, please? > > > Kind Regards, > Boris |
Hey Hans. I tried this method a while back, but it didn't work because I
found out that I needed: proxyPass /content ajp://127.0.0.1:8009/content proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles Plus /images to make /ecommerce work. Is there another way? On Wed, Jun 6, 2012 at 6:13 PM, Hans Bakker <[hidden email]>wrote: > You can also use the virtual host parameter in the the ofbiz-component.xml > file which will block the webtools from the same url... > > an explanation can be found here: > http://www.antwebsystems.com/**control/ViewBlogArticle?**contentId=18704<http://www.antwebsystems.com/control/ViewBlogArticle?contentId=18704> > > Regards, > Hans > > > On 06/07/2012 01:32 AM, Boris Hamanov wrote: > >> Hi guys and gals, >> >> >> >> Currently my web tools front end is running in OFBiz and is accessible >> from the whole wide world (www) just like the ecommerce store. >> >> I don’t like that a bit. Although it is protected by strong password. >> >> Can I restrict that app access to certain IP addresses or from local host >> only? >> >> It would be best if that application can run on different port altogether >> or listening on 127.0.0.1 interface only. Or both >> >> Any experience with this, please? >> >> >> Kind Regards, >> Boris >> > > |
Hi Mike,
There are 2 solutions to this problem but you have to assign a separate domainname to ofbiz ecommerce and a separate domain to the backend. 1. via symbolic links (which can also be stored in svn: (used at http://www.antwebsystems.com) Then in the webapp directory make symbolic links to the framework images dir images -> ../../../../framework/images/webapp/images tempfiles -> ../../../../runtime/tempfiles/ 2. use the content prefix in the website entity at http://ofbizsaas.ofbizdemo.com add a prefix to the backend url to get the images and tempfiles. Regards, Hans On 06/07/2012 02:50 PM, Mike wrote: > Hey Hans. I tried this method a while back, but it didn't work because I > found out that I needed: > > proxyPass /content ajp://127.0.0.1:8009/content > proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > Plus /images to make /ecommerce work. Is there another way? > > > On Wed, Jun 6, 2012 at 6:13 PM, Hans Bakker > <[hidden email]>wrote: > >> You can also use the virtual host parameter in the the ofbiz-component.xml >> file which will block the webtools from the same url... >> >> an explanation can be found here: >> http://www.antwebsystems.com/**control/ViewBlogArticle?**contentId=18704<http://www.antwebsystems.com/control/ViewBlogArticle?contentId=18704> >> >> Regards, >> Hans >> >> >> On 06/07/2012 01:32 AM, Boris Hamanov wrote: >> >>> Hi guys and gals, >>> >>> >>> >>> Currently my web tools front end is running in OFBiz and is accessible >>> from the whole wide world (www) just like the ecommerce store. >>> >>> I don’t like that a bit. Although it is protected by strong password. >>> >>> Can I restrict that app access to certain IP addresses or from local host >>> only? >>> >>> It would be best if that application can run on different port altogether >>> or listening on 127.0.0.1 interface only. Or both >>> >>> Any experience with this, please? >>> >>> >>> Kind Regards, >>> Boris >>> |
Free forum by Nabble | Edit this page |