[ic] Moving the admin interface to a different url
Mike Heins
mike at perusion.com
Sun Nov 18 14:12:23 EST 2007
Quoting John1 (list_subscriber at yahoo.co.uk):
> On Sunday, November 18, 2007 5:20 AM Paul Jordan wrote:
>
> >interchange-users-bounces at icdevgroup.org wrote:
> >>On Saturday, November 17, 2007 5:45 PM Paul Jordan wrote:
> >>
> >>>>I just thought it would be nice if there was a simple way to move
> >>>>admin pages from: www.websitedomain.com/admin
> >>>>to say:
> >>>>www.websitedomain.com/adminqwerty
> >>>
> >>>
> >>>This really would not afford you much security.
> >>>
> >>Why not? :-)
> >
> >
> >Because the URL will be found. Do you have any mobile workers? If
> >not, then only allow the office IP address - you're done. If you do,
> >where do they go? Are laptop users careful? Do they all have secure
> >Wifi at home if they are logging in? Do you have people travelling in
> >small towns and out of country who will go to fly by night internet
> >cafes, airports?
> >
> We are only a small company and nobody *should* be trying to access the
> admin page from laptops or internet cafes. Restricting the IP range is a
> good idea, though I would have to allow some ISP dynamic ranges.
>
> >If you are not locked down, then the effort is not worth the value. I
> >did not say it was no security, just that it will not afford you much
> >of it. For the same effort you can put in place a myriad of
> >techniques and make it secure - and not just hiding.
> >
> I agree that if I have to search for all the hardcoded references to /admin
> it may not be worth the effort

It is very simple to do in Apache:

    <Location /cgi-bin/yourscript/admin/*>
        AuthUserFile /var/www/.htpasswd
        AuthGroupFile /var/www/.htgroup
        AuthName YourOrg
        AuthType Basic
        Satisfy Any
        Allow from 10.10.10
        Require group icadmin
        Deny from all
    </Location>

But by far the best way, as I said before, is to use a separate IC
server instance to serve admin -- it closes off the "process" hole. Then
put that behind a VPN.

--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer
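
The Location block in the message above uses the Apache 2.2 access directives (Satisfy, Allow, Deny), which Apache 2.4 only supports through the deprecated mod_access_compat. The following is an added example, not part of the original message: the same policy in 2.4 authorization syntax, with a stricter variant shown commented out. The prefix-style path and the stricter variant are assumptions made for the example.

```apache
# Added example: Apache 2.4 form of the 2.2 block in the message above.
# Modules used: mod_authz_core, mod_authz_host, mod_auth_basic,
# mod_authn_file, mod_authz_groupfile.

# Prefix form (assumption: no wildcard). It applies to .../admin,
# .../admin/ and everything below it, but not to .../adminqwerty.
<Location "/cgi-bin/yourscript/admin">
    AuthType Basic
    AuthName "YourOrg"
    AuthUserFile /var/www/.htpasswd
    AuthGroupFile /var/www/.htgroup

    # Same meaning as "Satisfy Any": a client in 10.10.10.x is admitted
    # without a password; any other client must authenticate as a member
    # of the icadmin group. No explicit "Deny from all" is needed, since a
    # request that matches neither Require line is refused.
    <RequireAny>
        Require ip 10.10.10
        Require group icadmin
    </RequireAny>

    # Stricter variant (not what the message configures): replace the
    # <RequireAny> section above with this one to demand the trusted
    # network AND a valid icadmin login AND a TLS connection, so Basic
    # credentials never cross the wire in clear text.
    # "Require ssl" is provided by mod_ssl.
    #
    # <RequireAll>
    #     Require ip 10.10.10
    #     Require group icadmin
    #     Require ssl
    # </RequireAll>
</Location>
```

Run `apachectl configtest` after editing, then request the admin URL from an address outside 10.10.10 and confirm the server answers 401 rather than serving the page.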