On Mar 31, 2017, at 06:38, Jan =Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:I've been trying this for ages, didn't work on the cgi-bin =dir, as that's a special case in apache. The /WebCatalog dir is easy to =rewrite (but did a redirect in apache config, as that's where the admins =have control, not the content writer), /cgi-bin/WebCatalog/Engine/Admin =refuses to be rewritten.
I'm hoping the WebDNA =specific code will rewrite correctly..
On March 29, 2017 at 10:27 PM Stuart Tremain <webdna@idfk.com.au> =wrote:
Or something as simple as addingRewriteCond %{SERVER_PORT} 80To .htaccessOn 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net>= wrote:If you want =to lock down your Admin templates, and any template on the server that =is using plain http auth in the clear with the [protect] tag, add this =line to the top of your MultiGroupChecker:Not sure at =what version [thisport] was added, so you'll have to test with your =version.This =will redirect every [protect]-ed page on your server that is not =listening on port 443. So you'll need to assess whether this will =break any web sites you are serving. If you're not comfortable =putting this kind of blanket over the [protect] tag globally, you can =always add a qualifier:[if =("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirec=t https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/=if]MDOn Mar =27, 2017, at 1:52 AM, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:Hi,
Ok, we managed to secure =/WebCatalog/ dir with a permanent redirect to https, but the Admin dir =itself is placed in cgi-bin dir, which has a special status and can't be =handled in the same way. (other then redirecting the complete cgi-bin =dir)
To be =honest, I'm surprised that the application itself doesn't do anything to =improve security, other then username/password over an unencrypted link. =Personally I'm glad we can contain WebDNA in virtual 1 server. I =wouldn't want to provide services for several customers on 1 server with =it. It shows it's age.
On March =9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:Hi,
With all the help, the =environment we're setting up is running as I (and more importantly, the =customer) expect it to.
Is there an official way to =secure the admin interface within WebDNA so connects are only accepted =on https? We're trying to add a rewrite via apache config for the =WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to =secure the admin interface.
Vriendelijke groet,
|
On Mar 31, 2017, at 06:38, Jan =Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:I've been trying this for ages, didn't work on the cgi-bin =dir, as that's a special case in apache. The /WebCatalog dir is easy to =rewrite (but did a redirect in apache config, as that's where the admins =have control, not the content writer), /cgi-bin/WebCatalog/Engine/Admin =refuses to be rewritten.
I'm hoping the WebDNA =specific code will rewrite correctly..
On March 29, 2017 at 10:27 PM Stuart Tremain <webdna@idfk.com.au> =wrote:
Or something as simple as addingRewriteCond %{SERVER_PORT} 80To .htaccessOn 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net>= wrote:If you want =to lock down your Admin templates, and any template on the server that =is using plain http auth in the clear with the [protect] tag, add this =line to the top of your MultiGroupChecker:Not sure at =what version [thisport] was added, so you'll have to test with your =version.This =will redirect every [protect]-ed page on your server that is not =listening on port 443. So you'll need to assess whether this will =break any web sites you are serving. If you're not comfortable =putting this kind of blanket over the [protect] tag globally, you can =always add a qualifier:MDOn Mar =27, 2017, at 1:52 AM, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:Hi,
Ok, we managed to secure =/WebCatalog/ dir with a permanent redirect to https, but the Admin dir =itself is placed in cgi-bin dir, which has a special status and can't be =handled in the same way. (other then redirecting the complete cgi-bin =dir)
To be =honest, I'm surprised that the application itself doesn't do anything to =improve security, other then username/password over an unencrypted link. =Personally I'm glad we can contain WebDNA in virtual 1 server. I =wouldn't want to provide services for several customers on 1 server with =it. It shows it's age.
On March =9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:Hi,
With all the help, the =environment we're setting up is running as I (and more importantly, the =customer) expect it to.
Is there an official way to =secure the admin interface within WebDNA so connects are only accepted =on https? We're trying to add a rewrite via apache config for the =WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to =secure the admin interface.
Vriendelijke groet,
DOWNLOAD WEBDNA NOW!
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...