[ic] Moving the admin interface to a different url

Mike Heins mike at perusion.com
Sun Nov 18 14:12:23 EST 2007


Quoting John1 (list_subscriber at yahoo.co.uk):
> On Sunday, November 18, 2007 5:20 AM Paul Jordan wrote:
> 
> >interchange-users-bounces at icdevgroup.org wrote:
> >>On Saturday, November 17, 2007 5:45 PM Paul Jordan wrote:
> >>
> >>>>I just thought it would be nice if there was a simple way to move
> >>>>admin pages from: www.websitedomain.com/admin
> >>>>to say:
> >>>>www.websitedomain.com/adminqwerty
> >>>
> >>>
> >>>This really would not afford you much security.
> >>>
> >>Why not?  :-)
> >
> >
> >Because the URL will be found. Do you have any mobile workers? If
> >not, then only allow the office IP address -  you're done. If you do,
> >where do they go? Are laptop users careful? Do they all have secure
> >Wifi at home if they are logging in? Do you have people travelling in
> >small towns and out of country who will go to fly by night internet
> >cafes, airports?
> >
> We are only a small company and nobody *should* be trying to access the 
> admin page from laptops or internet cafes.  Restricting the IP range is a 
> good idea, though I would have to allow some ISP dynamic ranges.
> 
> >If you are not locked down, then the effort is not worth the value. I
> >did not say it was no security, just that it will not afford you much
> >of it. For the same effort you can put in place a myriad of
> >techniques and make it secure - and not just hiding.
> >
> I agree that if I have to search for all the hardcoded references to /admin 
> it may not be worth the effort

It is very simple to do in Apache:

	<Location /cgi-bin/yourscript/admin/*>
	AuthUserFile /var/www/.htpasswd
	AuthGroupFile /var/www/.htgroup
	AuthName YourOrg
	AuthType Basic
	Satisfy Any
	Allow from 10.10.10
	Require group icadmin
	Deny from all
	</Location>

But by far the best way, as I said before, is to use a separate IC
server instance to serve admin -- it closes off the "process" hole. Then
put that behind a VPN.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer
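
Added example, not part of the original message: the Location block above uses the Apache 2.2 access directives (Allow/Deny/Satisfy). The same policy in Apache 2.4 syntax (mod_authz_core, mod_authz_host, mod_authz_groupfile) is shown below, reusing the path, files, network prefix and group name from the message; the RequireAll alternative is an assumption about what a stricter site might want.

```apache
# Apache 2.4 equivalent of the 2.2 block in the message above.
# Path, password/group files, 10.10.10 prefix and "icadmin" are taken
# from that message; everything else is standard 2.4 syntax.
<Location "/cgi-bin/yourscript/admin/*">
    AuthType Basic
    AuthName "YourOrg"
    AuthUserFile /var/www/.htpasswd
    AuthGroupFile /var/www/.htgroup

    # Same meaning as "Satisfy Any": a request is allowed if EITHER
    # condition holds. A client inside 10.10.10.0/24 is therefore
    # never asked for a password.
    <RequireAny>
        Require ip 10.10.10
        Require group icadmin
    </RequireAny>

    # Stricter alternative (assumption, not in the original message):
    # replace the RequireAny section with this one to demand BOTH a
    # trusted source address AND membership of the icadmin group.
    #
    # <RequireAll>
    #     Require ip 10.10.10
    #     Require group icadmin
    # </RequireAll>
</Location>
```

With no matching condition the request is refused, so the 2.2 "Deny from all" line has no counterpart here.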

