<html xmlns:ns1="http://www.exclaimer.co.uk">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {margin-right:0in;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle18
        {font-family:Arial;
        color:windowtext;}
span.EmailStyle19
        {font-family:Arial;
        color:navy;}
span.EmailStyle21
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi Jeff, </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I was hoping someone would respond to this
as well… but since they didn’t, I started playing around with my
apache config.</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The following is what I’ve come up
with and on some basic testing it seems to work well.  I will have to do
some more rigorous testing.  I am using Apache 2.0.55 and Tomcat 5.5 on windows
2000 and 2003 machines with OpenCms 6.0.2</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>My requirements are similar to yours I
want to limit connections to the admin app to only IPs originating from our
companies subnet.  </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>All I did was make sure the mod_access
module is active in your httpd.conf file… should look like:</span></font></p>

<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'><br clear=all style='page-break-before:always'>
</span></font>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>LoadModule access_module
modules/mod_access.so</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Then, in the virtual host I setup for the
application, I simply added the following:</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> <Location ~
"^/.*/system/.*$" ></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>      Order Deny,Allow</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>      Deny from
all</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>      Allow from 192.168.1.1</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>      Allow from 192.168.1.2</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'></Location></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>This is basically saying if the URL
contains the system directory, deny all clients from accessing except those at
the IP addresses specified.  You can check out the apache documentation on
mod_access for more advanced configuration like specifying IP ranges or
subnets.</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><a
href="http://httpd.apache.org/docs/2.0/mod/mod_access.html">http://httpd.apache.org/docs/2.0/mod/mod_access.html</a></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I hope this helps and if anyone sees
anything wrong with this approach, please speak up!</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Kevin</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b>
opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>
<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Tuesday,
 November 15, 2005</span></font><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'> </span></font><font
 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>11:55 AM</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>
<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]
proxying the admin tool</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>Does anyone have any
input on this?  I put this up about a week ago and have not received a
single reply.</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>To summarize I am looking
for a way to proxy out the OpenCMS workplace so that it is not available on a
production network.  The way I am doing it below 99% works but has a few
serious quirks like the upload applet not working.</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>Please help!</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>-Jeff </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<div>

<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font
size=3 face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center>

</span></font></div>

<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>
<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Wednesday,
 November 09, 2005</span></font><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'> </span></font><font
 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>10:26 AM</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>
<b><span style='font-weight:bold'>To:</span></b> opencms-dev@opencms.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> [opencms-dev] proxying
the admin tool</span></font></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>To all,<u4:p></u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Has anyone come up with a process
for proxying the admin tool to internal users only?  I am working with
OpenCMS 6 and have a production and development VLAN.  I would like to
make it so that the admin tool is not accessible on the production network
(externally available) but is accessible on the development network. 
Currently I have Apache setup to allow access to the proxy host on the
development VLAN using the following:<u4:p></u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>ProxyPass      
   /system/ http://production_server/system/</span></font><font
face=Arial><span style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPassReverse   /system/ http://production_server/system/</span></font><font
face=Arial><span style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPass          /export/
http://production_server/export/</span></font><font face=Arial><span
style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPassReverse   /export/ http://production_server/export/</span></font><font
face=Arial><span style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPass          /resources/
http://production_server/resources/</span></font><font face=Arial><span
style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPassReverse   /resources/ http://production_server/resources/</span></font><font
face=Arial><span style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPass          /opencms/
http://production_server/opencms/</span></font><font face=Arial><span
style='font-family:Arial'> <br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>ProxyPassReverse   /opencms/ http://production_server/opencms/<u4:p></u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>This allows access to the Admin tool
from the proxy host; however the upload applet does not work.  I ran a
snoop on the requests being made through the proxy host for the upload applet
and it seems that the call to that upload jar file is being made directly to
the production host, not through the proxy.<u4:p></u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Any input on why this is happening
or perhaps a better method of proxying the admin tool would be greatly
appreciated!<u4:p></u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><u4:p> </u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Regards,<u4:p></u4:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Jeff<u4:p></u4:p></span></font></p>

</div>

<div>

<p style='margin-left:.5in'><strong><b><font size=1 color="#fe370b"
face=Verdana><span style='font-size:8.0pt;font-family:Verdana;color:#FE370B'>jeff.moser</span></font></b></strong><br>
<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;
font-family:Verdana;color:#293133'>network administrator</span></font><br>
<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;
font-family:Verdana;color:#293133'>tel 267.615.2682</span></font><br>
<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;
font-family:Verdana;color:#293133'>cell 215.990.3467</span></font> </p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><strong><b><font size=1
color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;
color:#293133'>refinery</span></font></b></strong><br>
<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;
font-family:Verdana;color:#293133'>top 30 </span></font><font size=1
  color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;
  color:#293133'>US</span></font><font size=1 color="#293133" face=Verdana><span
style='font-size:8.0pt;font-family:Verdana;color:#293133'> interactive agency</span></font><br>
<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;
font-family:Verdana;color:#293133'><ns1:HTML_ONLY w:insAuthor="Unknown" w:insDate="2005-11-15T11:51:00Z" w:endInsAuthor="Unknown" w:endInsDate="2005-11-15T11:51:00Z"><a
href="http://www.refinery.com/whitepapers.aspx"
title="http://www.refinery.com/whitepapers.aspx"><font color="#293133"><span
style='color:#293133'>Click for: Useful tips and sage advice on interactive. 5
Minute Whitepaper.</span></font></a></ns1:HTML_ONLY></span></font> </p>

</div>

</div>

</body>

</html>