<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3492" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=967590400-11052010><FONT face=Arial size=2>Hello
all,</FONT></SPAN></DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial size=2>I'm using Apache as
a frontend that serves statically exported resources, and Tomcat as the
application server. I followed the guide on the wiki and some tips from other
places to get the setup working. (and it is working fine now)
</FONT></SPAN><SPAN class=967590400-11052010><FONT face=Arial size=2>Tomcat is
run on port 8080, which is firewalled. Suppose that OpenCms
7.0.5 servlet name is "opencms."</FONT></SPAN></DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial size=2>I recently realized
that anyone could access the workplace over port 80 (apache and mod_proxy), by
simply going to: /opencms/system/login/index.html.</FONT></SPAN></DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial size=2>That is certainly
something I do not want possible. So, I added an Apache <Location>
directive to deny access to '/opencms/system/' path, and it seems to be working
fine. However, my question to you is: is denying the above location sufficient?
are there any other paths I need to be aware of?</FONT></SPAN></DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial size=2>Your insight is much
appreciated.</FONT></SPAN></DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial size=2>Thank
you!</FONT></SPAN></DIV>
<DIV><SPAN class=967590400-11052010><FONT face=Arial
size=2>Ahmed</FONT></SPAN></DIV></BODY></HTML>