[opencms-dev] a question about secure site configuration

Fri Jun 29 18:19:12 CEST 2018

Hi List,

So following the apache webserver configuration in the documentation we setup virtual hosts for a secure workplace server "https://opencms.example.com", and an unsecured site "http://www.example.com"
We also put in the rules to serve only secure sites, what we want however is to serve up "https://www.example.com" to all visitors with only the workplace server "https://opencms.example.com" being visible only to those who have a user account for the workplace. One of the things we tried doing is creating a secure virtual host for "https://www.example.com" and redirecting all http requests to https and then having the login and workplace urls redirect to the workplace server url "https://opencms.example.com", which seems to work such that when an account holder logs in they are redirected to the workplace server url and are able to edit the site and use the workplace function, however public visitors are still able to view the site from the workplace server url as if they were viewing it from "https://www.example.com" or "http://www.example.com", went it should only be account holders who can see the workplace url, any ideas on how to fix this? We do not want to restrict access to the workplace via ip range as account holders will be accessing from various devices and networks.

Cheers,
Gratian Francis
Junior Programmer Analyst
CancerCare Manitoba
CC40-825 Sherbrook Street
Winnipeg, MB R3A 1M5
Cell: 204-794-1230
gfrancis2 at cancercare.mb.ca<mailto:gfrancis2 at cancercare.mb.ca>

[CCMB-master-logo-cmyk]

Planned Absences 2018:
April 20th -23rd
May 30th - June 5th
July 3rd -6th
December 24th - Jan 1st

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20180629/1d38cc7d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3835 bytes
Desc: image001.jpg
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20180629/1d38cc7d/attachment.jpg>
-------------- next part --------------
This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information.  Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited.  If you receive this transmission in error, please notify the sender immediately and return the original.

Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20180629/1d38cc7d/attachment-0001.htm>