[opencms-dev] Securing OpenCms workplace login
Alexander Kandzior
alex at opencms.org
Thu Feb 10 09:41:59 CET 2005
You configuration looks ok, even though I didn't check every detail.
What does the opencms site configuration look like?
And what about Tomcat server.xml?
Best Regards,
Alex.
Alexander Kandzior
Alkacon Software - The OpenCms Experts
http://www.alkacon.com
> -----Original Message-----
> From: opencms-dev-bounces at opencms.org
> [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Jeremy Cavagnolo
> Sent: Wednesday, February 09, 2005 9:08 PM
> To: opencms-dev at opencms.org
> Subject: [opencms-dev] Securing OpenCms workplace login
>
> Hello:
>
> I have been working with opencms 6alpha3 for about a month
> now, and have finally set up apache (2.0.51) with mod_proxy
> to serve multiple sites, thanks to some good discussion on
> this list and the mod_proxy, etc documentation. I would now
> like to protect passwords with https.
> The relevant http.conf that I am working with is posted
> below. With this configuration, when I go to
> http://cms.mainserver.com/system/login/ I am appropriately
> redirected to https://www.mainserver.com/system/login/ and
> the login page comes up correctly. However, after I enter a
> username and password, the workplace window opens, but I am
> prompted with a username/password dialog. This dialog is
> issued by the cms.mainserver.com virtual host, and is
> unprotected. Can anyone find some obvious mistakes in my
> configuration, or suggest methods that they have used to
> achieve password security?
>
> Any help is appreciated,
>
> -jeremy
>
>
> <VirtualHost _default_:443>
> ServerName www.mainserver.com:443
> ProxyPass /system/login/
> http://localhost:8083/opencms/system/login/
> ProxyPassReverse /system/login/ \
> http://localhost:8083/opencms/system/login/
> RewriteEngine On
> RewriteCond %{REQUEST_URI} !^/system/login.* RewriteCond
> %{REQUEST_URI} ^/system.* RewriteRule ^/(.*)
> http://cms.mainserver.com/$1 [R,L] </VirtualHost>
>
> # cms server
> <VirtualHost *:80>
> ServerName cms.mainserver.com
>
> ProxyErrorOverride On
> ProxyPass /opencms/ !
> RedirectPermanent /opencms/ http://cms.alf-learning.org/
>
> ProxyPass /resources/ !
> ProxyPass /export/ !
>
> ProxyPass / http://localhost:8083/opencms/
> ProxyPassReverse / http://localhost:8083/opencms/
>
>
> RewriteEngine On
> RewriteCond %{REQUEST_URI} ^/system/login.* RewriteRule
> ^/(.*) https://www.mainserver.com/$1 [L,R] </VirtualHost>
>
> # first site
> <VirtualHost *:80>
> ServerName www.site1.com
> ProxyPass /release/ !
> RedirectPermanent /release/ http://www.site2.com/release/
>
> ProxyPass /opencms/ !
> RedirectPermanent /opencms/ http://www.site1.com/
>
> ProxyPass /resources/ !
> ProxyPass /export/ !
>
> ProxyPass / http://localhost:8081/opencms/
> ProxyPassReverse / http://localhost:8081/opencms/
> </VirtualHost>
>
> #second site
> <VirtualHost *:80>
> ServerName site2.com
>
> ProxyPass /opencms/ !
> RedirectPermanent /opencms/ http://site2.com/
>
> ProxyPass /resources/ !
> ProxyPass /export/ !
>
> ProxyPass / http://localhost:8082/opencms/
> ProxyPassReverse / http://localhost:8082/opencms/
> </VirtualHost>
>
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list To
> change your list options, or to unsubscribe from the list,
> please visit http://mail.opencms.org/mailman/listinfo/opencms-dev
>
>
More information about the opencms-dev
mailing list