[opencms-dev] Securing OpenCms workplace login

Jeremy Cavagnolo jeremy at paradoxcomponents.com
Wed Feb 9 21:07:55 CET 2005 

Hello:

I have been working with opencms 6alpha3 for about a month now, and have
finally set up apache (2.0.51) with mod_proxy to serve multiple sites,
thanks to some good discussion on this list and the mod_proxy, etc
documentation.  I would now like to protect passwords with https.  
The relevant http.conf that I am working with is posted below.  With
this configuration, when I go to
http://cms.mainserver.com/system/login/  I am appropriately redirected
to https://www.mainserver.com/system/login/ and the login page comes up
correctly.  However, after I enter a username and password, the
workplace window opens, but I am prompted with a username/password
dialog.  This dialog is issued by the cms.mainserver.com virtual host,
and is unprotected.  Can anyone find some obvious mistakes in my
configuration, or suggest methods that they have used to achieve
password security?

Any help is appreciated,

-jeremy


<VirtualHost _default_:443>
ServerName www.mainserver.com:443
ProxyPass   /system/login/   http://localhost:8083/opencms/system/login/
ProxyPassReverse /system/login/ \        
                  http://localhost:8083/opencms/system/login/
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/system/login.*
RewriteCond %{REQUEST_URI} ^/system.*
RewriteRule ^/(.*) http://cms.mainserver.com/$1 [R,L]
</VirtualHost>

# cms server
<VirtualHost *:80>
ServerName cms.mainserver.com

ProxyErrorOverride On
ProxyPass           /opencms/        !
RedirectPermanent   /opencms/        http://cms.alf-learning.org/

ProxyPass           /resources/      !
ProxyPass           /export/         !

ProxyPass           /                http://localhost:8083/opencms/
ProxyPassReverse    /                http://localhost:8083/opencms/
                                                                                                                            
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/system/login.*
RewriteRule ^/(.*) https://www.mainserver.com/$1 [L,R]
</VirtualHost>

# first site
<VirtualHost *:80>
ServerName www.site1.com
ProxyPass         /release/          !
RedirectPermanent /release/          http://www.site2.com/release/

ProxyPass         /opencms/          !
RedirectPermanent /opencms/          http://www.site1.com/

ProxyPass         /resources/        !
ProxyPass         /export/           !

ProxyPass         /                  http://localhost:8081/opencms/
ProxyPassReverse  /                  http://localhost:8081/opencms/
</VirtualHost>

#second site
<VirtualHost *:80>
ServerName site2.com

ProxyPass         /opencms/          !
RedirectPermanent /opencms/          http://site2.com/

ProxyPass         /resources/        !
ProxyPass         /export/           !

ProxyPass         /                  http://localhost:8082/opencms/
ProxyPassReverse  /                  http://localhost:8082/opencms/
</VirtualHost>

More information about the opencms-dev mailing list