[opencms-dev] Securing OpenCms Workplace in a Apache/Tomcat Setup
Christian Steinert
christian_steinert at web.de
Tue May 11 14:33:07 CEST 2010
On 11.05.2010 04:17, Ahmed M. wrote:
> That is certainly something I do not want possible. So, I added an
> Apache <Location> directive to deny access to '/opencms/system/' path,
> and it seems to be working fine. However, my question to you is: is
> denying the above location sufficient? are there any other paths I
> need to be aware of?
/opencms/system should cover /almost/ everything.
However, there is a separate servlet that is used as internal end-point
for static export, it seems. Take a look at the URL prefixes in
opencms's web.xml. If you block external access to this url space as
well, then there should be nothing left to worry about.
Kind regards
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20100511/c7552609/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4738 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20100511/c7552609/attachment.bin>
More information about the opencms-dev
mailing list