
<html xmlns:ns1="http://www.exclaimer.co.uk">


<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">


<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman";}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline;}

p

        {margin-right:0in;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman";}

span.emailstyle18

        {font-family:Arial;

        color:windowtext;}

span.emailstyle19

        {font-family:Arial;

        color:navy;}

span.emailstyle21

        {font-family:Arial;

        color:navy;}

span.EmailStyle210

        {font-family:Arial;

        color:navy;}

span.EmailStyle23

        {font-family:Arial;

        color:navy;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.25in 1.0in 1.25in;}

div.Section1

        {page:Section1;}

-->

</style>


</head>


<body lang=EN-US link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>I think that will be ok.  I’m

using a custom module (templates, elements, etc)… and it seems to work

fine.  The mod_access is working on the URL in your browser (the client

request) and all paths to system resources are internal.</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b> opencms-dev-bounces@opencms.org

[mailto:opencms-dev-bounces@opencms.org] <b><span style='font-weight:bold'>On

Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Tuesday,

 November 15, 2005</span></font><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'> </span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>2:44 PM</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Kevin,</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Will this work if I am

using a custom module for my site?  Won’t references to that module

require that external users access the /system/ directory?</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Let me know what you

think.  Thanks a ton for responding though!!</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Jeff </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<div>


<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font

size=3 face="Times New Roman"><span style='font-size:12.0pt'>


<hr size=2 width="100%" align=center>


</span></font></div>


<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Kelley, Kevin<br>

<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Tuesday,

 November 15, 2005</span></font><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'> </span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>2:29 PM</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


</div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Hi Jeff, </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>I was hoping someone

would respond to this as well… but since they didn’t, I started

playing around with my apache config.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>The following is what

I’ve come up with and on some basic testing it seems to work well. 

I will have to do some more rigorous testing.  I am using Apache 2.0.55

and Tomcat 5.5 on windows 2000 and 2003 machines with OpenCms 6.0.2</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>My requirements are

similar to yours I want to limit connections to the admin app to only IPs

originating from our companies subnet.  </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>All I did was make sure

the mod_access module is active in your httpd.conf file… should look

like:</span></font></p>


<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:

Arial;color:navy'><br clear=all style='page-break-before:always'>

</span></font>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>LoadModule access_module

modules/mod_access.so</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Then, in the virtual host

I setup for the application, I simply added the following:</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> <Location ~

"^/.*/system/.*$" ></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>     

Order Deny,Allow</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>     

Deny from all</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>     

Allow from 192.168.1.1</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>     

Allow from 192.168.1.2</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'></Location></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>This is basically saying

if the URL contains the system directory, deny all clients from accessing

except those at the IP addresses specified.  You can check out the apache

documentation on mod_access for more advanced configuration like specifying IP

ranges or subnets.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'><a

href="http://httpd.apache.org/docs/2.0/mod/mod_access.html">http://httpd.apache.org/docs/2.0/mod/mod_access.html</a></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>I hope this helps and if

anyone sees anything wrong with this approach, please speak up!</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Kevin</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Tuesday,

 November 15, 2005</span></font><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'> </span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>11:55 AM</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Does

anyone have any input on this?  I put this up about a week ago and have

not received a single reply.</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>To

summarize I am looking for a way to proxy out the OpenCMS workplace so that it

is not available on a production network.  The way I am doing it below 99%

works but has a few serious quirks like the upload applet not working.</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Please

help!</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>-Jeff </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<div>


<div style='margin-left:.5in'>


<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font

size=3 face="Times New Roman"><span style='font-size:12.0pt'>


<hr size=2 width="100%" align=center>


</span></font></div>


</div>


<p class=MsoNormal style='margin-left:1.0in'><b><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Wednesday,

 November 09, 2005</span></font><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'> </span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>10:26 AM</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>

<b><span style='font-weight:bold'>To:</span></b> opencms-dev@opencms.org<br>

<b><span style='font-weight:bold'>Subject:</span></b> [opencms-dev] proxying

the admin tool</span></font></p>


</div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>To all,<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Has anyone come up with a process

for proxying the admin tool to internal users only?  I am working with

OpenCMS 6 and have a production and development VLAN.  I would like to make

it so that the admin tool is not accessible on the production network

(externally available) but is accessible on the development network. 

Currently I have Apache setup to allow access to the proxy host on the

development VLAN using the following:<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>ProxyPass      

   /system/ http://production_server/system/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /system/ http://production_server/system/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /export/

http://production_server/export/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /export/ http://production_server/export/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /resources/

http://production_server/resources/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /resources/ http://production_server/resources/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /opencms/

http://production_server/opencms/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /opencms/ http://production_server/opencms/<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>This allows access to the Admin tool

from the proxy host; however the upload applet does not work.  I ran a

snoop on the requests being made through the proxy host for the upload applet

and it seems that the call to that upload jar file is being made directly to

the production host, not through the proxy.<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Any input on why this is happening

or perhaps a better method of proxying the admin tool would be greatly

appreciated!<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Regards,<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Jeff<u4:p></u4:p></span></font></p>


</div>


<div>


<p style='margin-left:1.0in'><strong><b><font size=1 color="#fe370b"

face=Verdana><span style='font-size:8.0pt;font-family:Verdana;color:#FE370B'>jeff.moser</span></font></b></strong><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>network administrator</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>tel 267.615.2682</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>cell 215.990.3467</span></font> </p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><strong><b><font size=1

color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;

color:#293133'>refinery</span></font></b></strong><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>top 30 </span></font><font size=1

  color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;

  color:#293133'>US</span></font><font size=1 color="#293133" face=Verdana><span

style='font-size:8.0pt;font-family:Verdana;color:#293133'> interactive agency</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'><ns1:HTML_ONLY w:insAuthor="Unknown" w:insDate="2005-11-15T14:40:00Z" w:endInsAuthor="Unknown" w:endInsDate="2005-11-15T14:40:00Z"><a

href="http://www.refinery.com/whitepapers.aspx"

title="http://www.refinery.com/whitepapers.aspx"><font color="#293133"><span

style='color:#293133'>Click for: Useful tips and sage advice on interactive. 5

Minute Whitepaper.</span></font></a></ns1:HTML_ONLY></span></font> </p>


</div>


</div>


</body>


</html>