
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html xmlns:ns1="http://www.exclaimer.co.uk">


<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<title>Message</title>


<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman";}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline;}

p

        {margin-right:0in;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman";}

span.emailstyle18

        {font-family:Arial;

        color:windowtext;}

span.emailstyle19

        {font-family:Arial;

        color:navy;}

span.emailstyle21

        {font-family:Arial;

        color:navy;}

span.emailstyle210

        {font-family:Arial;

        color:navy;}

span.emailstyle23

        {font-family:Arial;

        color:navy;}

span.EmailStyle24

        {font-family:Arial;

        color:navy;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.25in 1.0in 1.25in;}

div.Section1

        {page:Section1;}

-->

</style>


</head>


<body lang=EN-US link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Thanks Arash,</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Our site is hosted by a third party

hosting company.  So we just have a single app server sitting behind a

firewall with only ports 80 & 443 open.</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Also, as a follow up to the configuration

I gave, I’ve added an extra element to make the error screen more

graceful.  I have created a 404 error page and a 500 error page in my default

site.  So in my apache configuration, inside the virtualhost for the

opencms site, my configuration now looks like:</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>      ErrorDocument

403 /general/error_404.html</span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>      <Location

~ "^/.*/system/.*$"></span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>            Order

Deny,Allow</span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>            Deny

from all</span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>            Allow

from 127.0.0.1</span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>            Allow

from 192.168.1.64/255.255.255.192</span></font></p>


<p class=MsoNormal><font size=2 color=navy face="Courier New"><span

style='font-size:10.0pt;font-family:"Courier New";color:navy'>      </Location></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>If there is a forbidden status code

thrown, apache will forward to my custom error page which I have set as a 404

(File Not Found) error.  That way, users trying to hit the admin login

page won’t even know it’s an opencms site.</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Cheers,</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Kevin</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Arash Kaffamanesh<br>

<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, November 15, 2005

5:12 PM<br>

<b><span style='font-weight:bold'>To:</span></b> 'The OpenCms mailing list'<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:blue'>Hi Kevin,</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:blue'>normaly in a DMZ you

shall not allow the apache to know about IP adresses in your LAN, unless there

will be some security problems! Let say your firewall shall allow apache

webserver to know about the ip-adresses of your imployees in your LAN, so you

have to open some punched holes in your firewall from DMZ into LAN :-)</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:blue'>Perhaps I'm wrong.</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:blue'>Anyway your solution is

pretty nice, congrats!</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:blue'>Best Regards,</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:blue'>Arash</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<blockquote style='margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>


<p class=MsoNormal style='margin-right:0in;margin-bottom:12.0pt;margin-left:

.5in'><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>-----Original

Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Kelley, Kevin<br>

<b><span style='font-weight:bold'>Sent:</span></b> Dienstag, 15. November 2005

22:16<br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Hi Arash,</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>I’ve actually just

finished implementing the solution I wrote about before and all seems to work

quite well.  I had a number of people outside of my network try to access

the admin tool and they got an Access Denied Error.  Apache will only

allow our employees to see the admin application (well, everything behind a url

with /system/ in it) because I supplied our network/netmask to the Allow from

line.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>Kevin</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Arash Kaffamanesh<br>

<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, November 15, 2005

3:55 PM<br>

<b><span style='font-weight:bold'>To:</span></b> 'The OpenCms mailing list'<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>Hi,</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>as I understand

your production server is behind your firewall (let say in a DMZ) and your

employees shouldn't have access to it, but these solutions with IP restrictions

and so on work only from your LAN and the workplace will still be accessible

from outside (from internet) and your employees or some hackers could hack you

from home :-)</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>The best

way is to use a master / slave installation with OCEE Cluster Module

(commercial module from Alkacon Software).</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>The solution

for the upload applet can be solved by signing the applet (not tested

myself, but somehow sure about it).</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>I guess:

You shall checkout the applet source and use a trusted certificate to sign it!</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>HTH,</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>Kind

Regards,</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=blue

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'>Arash</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


<div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


</div>


</div>


<blockquote style='margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>


<p class=MsoNormal style='margin-right:0in;margin-bottom:12.0pt;margin-left:

1.0in'><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>-----Original

Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> Dienstag, 15. November 2005

20:44<br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Kevin,</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Will

this work if I am using a custom module for my site?  Won’t

references to that module require that external users access the /system/

directory?</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Let me

know what you think.  Thanks a ton for responding though!!</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Jeff </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<div style='margin-left:.5in'>


<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font

size=3 face="Times New Roman"><span style='font-size:12.0pt'>


<hr size=2 width="100%" align=center>


</span></font></div>


</div>


<p class=MsoNormal style='margin-left:1.0in'><b><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Kelley, Kevin<br>

<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, November 15, 2005

2:29 PM<br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


</div>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Hi Jeff,

</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>I was

hoping someone would respond to this as well… but since they

didn’t, I started playing around with my apache config.</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>The

following is what I’ve come up with and on some basic testing it seems to

work well.  I will have to do some more rigorous testing.  I am using

Apache 2.0.55 and Tomcat 5.5 on windows 2000 and 2003 machines with OpenCms

6.0.2</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>My

requirements are similar to yours I want to limit connections to the admin app

to only IPs originating from our companies subnet.  </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>All I

did was make sure the mod_access module is active in your httpd.conf

file… should look like:</span></font></p>


<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:

Arial;color:navy'><br clear=all style='page-break-before:always'>

</span></font>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>LoadModule

access_module modules/mod_access.so</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Then, in

the virtual host I setup for the application, I simply added the following:</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> <Location

~ "^/.*/system/.*$" ></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>     

Order Deny,Allow</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>     

Deny from all</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>     

Allow from 192.168.1.1</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>     

Allow from 192.168.1.2</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'></Location></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>This is

basically saying if the URL contains the system directory, deny all clients

from accessing except those at the IP addresses specified.  You can check

out the apache documentation on mod_access for more advanced configuration like

specifying IP ranges or subnets.</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'><a

href="http://httpd.apache.org/docs/2.0/mod/mod_access.html">http://httpd.apache.org/docs/2.0/mod/mod_access.html</a></span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>I hope

this helps and if anyone sees anything wrong with this approach, please speak

up!</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Kevin</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, November 15, 2005

11:55 AM<br>

<b><span style='font-weight:bold'>To:</span></b> The OpenCms mailing list<br>

<b><span style='font-weight:bold'>Subject:</span></b> RE: [opencms-dev]

proxying the admin tool</span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Does

anyone have any input on this?  I put this up about a week ago and have

not received a single reply.</span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>To

summarize I am looking for a way to proxy out the OpenCMS workplace so that it

is not available on a production network.  The way I am doing it below 99%

works but has a few serious quirks like the upload applet not working.</span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Please

help!</span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy

face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>-Jeff </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<div style='margin-left:.5in'>


<div style='margin-left:.5in'>


<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font

size=3 face="Times New Roman"><span style='font-size:12.0pt'>


<hr size=2 width="100%" align=center>


</span></font></div>


</div>


</div>


<p class=MsoNormal style='margin-left:1.5in'><b><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>

opencms-dev-bounces@opencms.org [mailto:opencms-dev-bounces@opencms.org] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Jeff Moser<br>

<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 09, 2005

10:26 AM<br>

<b><span style='font-weight:bold'>To:</span></b> opencms-dev@opencms.org<br>

<b><span style='font-weight:bold'>Subject:</span></b> [opencms-dev] proxying

the admin tool</span></font></p>


</div>


<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'> </span></font></p>


<div>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>To all,<U4:P></U4:P></span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><U4:P></U4:P>Has anyone come up with

a process for proxying the admin tool to internal users only?  I am

working with OpenCMS 6 and have a production and development VLAN.  I

would like to make it so that the admin tool is not accessible on the

production network (externally available) but is accessible on the development

network.  Currently I have Apache setup to allow access to the proxy host

on the development VLAN using the following:<U4:P></U4:P></span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><U4:P></U4:P>ProxyPass    

     /system/ http://production_server/system/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /system/ http://production_server/system/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /export/

http://production_server/export/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /export/ http://production_server/export/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /resources/

http://production_server/resources/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /resources/ http://production_server/resources/</span></font><font

face=Arial><span style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPass          /opencms/

http://production_server/opencms/</span></font><font face=Arial><span

style='font-family:Arial'> <br>

</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:

Arial'>ProxyPassReverse   /opencms/ http://production_server/opencms/<U4:P></U4:P></span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><U4:P></U4:P>This allows access to

the Admin tool from the proxy host; however the upload applet does not

work.  I ran a snoop on the requests being made through the proxy host for

the upload applet and it seems that the call to that upload jar file is being

made directly to the production host, not through the proxy.<U4:P></U4:P></span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><U4:P></U4:P>Any input on why this

is happening or perhaps a better method of proxying the admin tool would be

greatly appreciated!<U4:P></U4:P></span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'><U4:P></U4:P>Regards,<U4:P></U4:P></span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Jeff<U4:P></U4:P></span></font></p>


</div>


<div>


<p style='margin-left:1.5in'><strong><b><font size=1 color="#fe370b"

face=Verdana><span style='font-size:8.0pt;font-family:Verdana;color:#FE370B'>jeff.moser</span></font></b></strong><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>network administrator</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>tel 267.615.2682</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>cell 215.990.3467</span></font> </p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.5in'><strong><b><font size=1

color="#293133" face=Verdana><span style='font-size:8.0pt;font-family:Verdana;

color:#293133'>refinery</span></font></b></strong><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'>top 30 US interactive agency</span></font><br>

<font size=1 color="#293133" face=Verdana><span style='font-size:8.0pt;

font-family:Verdana;color:#293133'><ns1:HTML_ONLY u1:insAuthor="Unknown" u1:insDate="2005-11-15T14:40:00Z" u1:endInsAuthor="Unknown" u1:endInsDate="2005-11-15T14:40:00Z"><a

href="http://www.refinery.com/whitepapers.aspx"

title="http://www.refinery.com/whitepapers.aspx"><font color="#293133"><span

style='color:#293133'>Click for: Useful tips and sage advice on interactive. 5

Minute Whitepaper.</span></font></a></ns1:HTML_ONLY></span></font> </p>


</div>


</blockquote>


</blockquote>


</div>


</body>


</html>