
<html xmlns:ns1="http://www.exclaimer.co.uk">


<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">


<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman";}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline;}

p

        {margin-right:0in;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman";}

span.EmailStyle18

        {font-family:Arial;

        color:windowtext;}

span.EmailStyle19

        {font-family:Arial;

        color:navy;}

span.EmailStyle21

        {font-family:Arial;

        color:navy;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.25in 1.0in 1.25in;}

div.Section1

        {page:Section1;}

-->

</style>


</head>


<body lang=EN-US link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Hi Jeff, </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>I was hoping someone would respond to this

as well… but since they didn’t, I started playing around with my

apache config.</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>The following is what I’ve come up

with and on some basic testing it seems to work well.  I will have to do

some more rigorous testing.  I am using Apache 2.0.55 and Tomcat 5.5 on windows

2000 and 2003 machines with OpenCms 6.0.2</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>My requirements are similar to yours I

want to limit connections to the admin app to only IPs originating from our

companies subnet.  </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>All I did was make sure the mod_access

module is active in your httpd.conf file… should look like:</span></font></p>


<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:

Arial;color:navy'><br clear=all style='page-break-before:always'>

</span></font>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>LoadModule access_module

modules/mod_access.so</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Then, in the virtual host I setup for the

application, I simply added the following:</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> <Location ~

"^/.*/system/.*$" ></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>      Order Deny,Allow</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>      Deny from

all</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>      Allow from 192.168.1.1</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>      Allow from 192.168.1.2</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'></Location></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>This is basically saying if the URL

contains the system directory, deny all clients from accessing except those at

the IP addresses specified.  You can check out the apache documentation on

mod_access for more advanced configuration like specifying IP ranges or

subnets.</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'><a

href="http://httpd.apache.org/docs/2.0/mod/mod_access.html">http://httpd.apache.org/docs/2.0/mod/mod_access.html</a></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>I hope this helps and if anyone sees

anything wrong with this approach, please speak up!</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Kevin</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Tuesday,

 November 15, 2005</span></font><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'> </span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>11:55 AM</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Does anyone have any

input on this?  I put this up about a week ago and have not received a

single reply.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>To summarize I am looking

for a way to proxy out the OpenCMS workplace so that it is not available on a

production network.  The way I am doing it below 99% works but has a few

serious quirks like the upload applet not working.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Please help!</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>-Jeff </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<div>


<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font

size=3 face="Times New Roman"><span style='font-size:12.0pt'>


<hr size=2 width="100%" align=center>


</span></font></div>


<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Wednesday,

 November 09, 2005</span></font><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'> </span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>10:26 AM</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>

<b><span style='font-weight:bold'>To:</span></b> opencms-dev@opencms.org<br>

<b><span style='font-weight:bold'>Subject:</span></b> [opencms-dev] proxying

the admin tool</span></font></p>


</div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>To all,<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Has anyone come up with a process

for proxying the admin tool to internal users only?  I am working with

OpenCMS 6 and have a production and development VLAN.  I would like to

make it so that the admin tool is not accessible on the production network

(externally available) but is accessible on the development network. 

Currently I have Apache setup to allow access to the proxy host on the

development VLAN using the following:<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>ProxyPass      

   /system/ http://production_server/system/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /system/ http://production_server/system/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /export/

http://production_server/export/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /export/ http://production_server/export/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /resources/

http://production_server/resources/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /resources/ http://production_server/resources/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /opencms/

http://production_server/opencms/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /opencms/ http://production_server/opencms/<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>This allows access to the Admin tool

from the proxy host; however the upload applet does not work.  I ran a

snoop on the requests being made through the proxy host for the upload applet

and it seems that the call to that upload jar file is being made directly to

the production host, not through the proxy.<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Any input on why this is happening

or perhaps a better method of proxying the admin tool would be greatly

appreciated!<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Regards,<u4:p></u4:p></span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Jeff<u4:p></u4:p></span></font></p>


</div>


<div>


<p style='margin-left:.5in'><strong><b><font size=1 color="#fe370b"

face=Verdana><span style='font-size:8.0pt;font-family:Verdana;color:#FE370B'>jeff.moser</span></font></b></strong><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>network administrator</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>tel 267.615.2682</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>cell 215.990.3467</span></font> </p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><strong><b><font size=1

color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;

color:#293133'>refinery</span></font></b></strong><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>top 30 </span></font><font size=1

  color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;

  color:#293133'>US</span></font><font size=1 color="#293133" face=Verdana><span

style='font-size:8.0pt;font-family:Verdana;color:#293133'> interactive agency</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'><ns1:HTML_ONLY w:insAuthor="Unknown" w:insDate="2005-11-15T11:51:00Z" w:endInsAuthor="Unknown" w:endInsDate="2005-11-15T11:51:00Z"><a

href="http://www.refinery.com/whitepapers.aspx"

title="http://www.refinery.com/whitepapers.aspx"><font color="#293133"><span

style='color:#293133'>Click for: Useful tips and sage advice on interactive. 5

Minute Whitepaper.</span></font></a></ns1:HTML_ONLY></span></font> </p>


</div>


</div>


</body>


</html>