[opencms-dev] Securing OpenCms Workplace in an Apache/Tomcat Setup

Ahmed M. publists at gmail.com
Tue May 11 04:17:29 CEST 2010


Hello all,
 
I'm using Apache as a frontend that serves statically exported resources,
and Tomcat as the application server. I followed the guide on the wiki and
some tips from other places to get the setup working (and it is working
fine now). Tomcat is run on port 8080, which is firewalled. Suppose that
the OpenCms 7.0.5 servlet name is "opencms".
 
I recently realized that anyone could access the workplace over port 80
(Apache and mod_proxy), by simply going to:
/opencms/system/login/index.html.
 
That is certainly something I do not want possible. So, I added an Apache
<Location> directive to deny access to the '/opencms/system/' path, and it
seems to be working fine. However, my question to you is: is denying the
above location sufficient? Are there any other paths I need to be aware of?
 
Your insight is much appreciated.
 
Thank you!
Ahmed
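
An added example, not part of the original post: a small audit of the Apache access log that lists every request under the denied '/opencms/system/' prefix that was answered with anything other than 403. The common/combined log format, the sample log lines and the function names are assumptions made for this example.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Prefix denied by the <Location> rule in the post (servlet name "opencms").
DENIED_PREFIX = "/opencms/system/"

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2010:04:01:02 +0200] "GET /opencms/system/login/index.html HTTP/1.1" 403 212',
    '192.0.2.11 - - [11/May/2010:04:02:10 +0200] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/May/2010:04:03:44 +0200] "GET /opencms/system/login/index.html?x=1 HTTP/1.1" 200 8431',
]


def normalized_path(target):
    """Drop the query string, percent-decode, and collapse the path to one canonical form."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/"))


def leaked_requests(lines):
    """Return (client, method, path, status) for requests under DENIED_PREFIX not answered with 403."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, target, status = m.groups()
        path = normalized_path(target)
        # Appending "/" also catches the bare directory path without a trailing slash.
        if (path + "/").startswith(DENIED_PREFIX) and status != "403":
            hits.append((client, method, path, status))
    return hits


if __name__ == "__main__":
    for client, method, path, status in leaked_requests(SAMPLE_LOG):
        print(f"{client} {method} {path} -> {status} (expected 403)")
```

Run against the real access log by passing an open file object to leaked_requests(); an empty result means every logged request under the prefix was refused.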