[opencms-dev] Securing OpenCms Workplace in a Apache/Tomcat Setup

Christian Steinert christian_steinert at web.de
Tue May 11 14:33:07 CEST 2010


On 11.05.2010 04:17, Ahmed M. wrote:
> That is certainly something I do not want possible. So, I added an 
> Apache <Location> directive to deny access to '/opencms/system/' path, 
> and it seems to be working fine. However, my question to you is: is 
> denying the above location sufficient? are there any other paths I 
> need to be aware of?
/opencms/system should cover /almost/ everything.

However, there is a separate servlet that is used as internal end-point 
for static export, it seems. Take a look at the URL prefixes in 
opencms's web.xml. If you block external access to this url space as 
well, then there should be nothing left to worry about.

Kind regards
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20100511/c7552609/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4738 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20100511/c7552609/attachment.bin>


More information about the opencms-dev mailing list