roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Moylan John" <John.Moy...@rte.ie>
Subject RE: restrict logins to IP range
Date Sun, 13 Jan 2008 15:56:25 GMT
Hi,

My LocationMatch regex got removed somewhere on route to the mailing list. I had been trying
to restrict access to login.do only.

However, this is not easy to do because security_check.jsp does a redirect and Apache thinks
all requests are coming from internal addresses. The best solution I found was to have two
virtualhosts, one listening on port 80 the other on port 443.
The port 80 host is available to outside users via the firewall but uses mod_rewrite conditions
to proxy only certain pages.
The virtual server on port 443 is made available to internal users only, again via the firewall.
The port 443 host has the entire roller application mounted and encrypts account credentials
using mod_ssl.



J


-----Original Message-----
From: Dave [mailto:snoopdave@gmail.com]
Sent: Sat 1/12/2008 03:24
To: user@roller.apache.org
Subject: Re: restrict logins to IP range
 
On Jan 8, 2008 10:14 AM, john moylan <eieieieieieieieieiei@hotmail.com> wrote:
> I'm using Roller 3.1 with Apache 2.0, JBoss 4.05 and mod_jk on Linux.
> I am trying to restrict access so that users can only login from a single ip range.
> I have tried using the LocationMatch directive in apache, eg:
>         Order Deny,Allow
>         Deny from All
>         Allow from 192.168.
>
> But this does not seem to have any effect.
>
> Can anyone explain the best way to restrict logins to certain IP ranges?

I don't know enough Apache HTTPD conf to help. That's probably a
question for the HTTPD mailing list.

But, if you deny access from all like that you'll be completely
preventing access, not just preventing logins. Is that really what you
want to do?

- Dave

***********************************************************
The information in this e-mail is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this e-mail by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution, or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful.
Please note that emails to, from and within RTÉ may be subject to the Freedom
of Information Act 1997 and may be liable to disclosure.
************************************************************

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message