2017

It keeps the original formatting.

/cgi-bin/.../Admin/.... It looks like a rewrite on the WebCatalog dir is the only way to get a redirect, as long as the user doesn't use the short-cut.> On April 1, 2017 at 3:18 PM christophe.billiottet@webdna.us wrote:> > I tested this and was able to make it work. I reset my workstation's apache config to pretty close to stock, and installed WebDNA Server 8.5.1 with the Ubuntu 14 installer. I put this right in the apache config's virtual host:> > RewriteEngine On> RewriteCond %{HTTPS} off> RewriteRule "^/cgi-bin/WebCatalogEngine/Admin/" https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NC]> > I ran quite a few tests and it worked as expected. Hopefully that looks good, please let me know if there are any problems.> > - chris> > > > > > On Mar 31, 2017, at 06:38, Jan Huijsmans wrote:> > > > > > I've been trying this for ages, didn't work on the cgi-bin dir, as that's a special case in apache. The /WebCatalog dir is easy to rewrite (but did a redirect in apache config, as that's where the admins have control, not the content writer), /cgi-bin/WebCatalog/Engine/Admin refuses to be rewritten.> > > > I'm hoping the WebDNA specific code will rewrite correctly..> > > > > > > On March 29, 2017 at 10:27 PM Stuart Tremain wrote:> > > > > > Or something as simple as adding> > > > > > RewriteCond %{SERVER_PORT} 80 > > > RewriteRule ^(.*)$ https://yoursecureddomain.com/$1 [R,L]> > > > > > To .htaccess> > > > > > > > > Kind regards> > > > > > Stuart Tremain> > > Pharoah Lane Software> > > AUSTRALIA> > > webdna@idfk.com.au mailto:webdna@idfk.com.au> > > > > > > > > > > > > > > > > > > > > > > > > > > > On 30 Mar 2017, at 05:04, Michael Davis wrote:> > > > > > > > If you want to lock down your Admin templates, and any template on the server that is using plain http auth in the clear with the [protect] tag, add this line to the top of your MultiGroupChecker:> > > > > > > > [showif [thisport]!443][redirect https://[GetMIMEHeader HTTP_HOST][ThisURL]][/showif]> > > > > > > > Not sure at what version [thisport] was added, so you'll have to test with your version.> > > > > > > > This will redirect every [protect]-ed page on your server that is not listening on port 443. So you'll need to assess whether this will break any web sites you are serving. If you're not comfortable putting this kind of blanket over the [protect] tag globally, you can always add a qualifier:> > > > > > > > [if ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirect https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/if]> > > > > > > > > > > > MD> > > > > > > > > > > > > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans wrote:> > > > > > > > > > > > > > > Hi,> > > > > > > > > > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to https, but the Admin dir itself is placed in cgi-bin dir, which has a special status and can't be handled in the same way. (other then redirecting the complete cgi-bin dir)> > > > > > > > > > To be honest, I'm surprised that the application itself doesn't do anything to improve security, other then username/password over an unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 server. I wouldn't want to provide services for several customers on 1 server with it. It shows it's age.> > > > > > > > > > > > > > > > On March 9, 2017 at 2:46 PM Jan Huijsmans wrote:> > > > > > > > > > > > > > > > > > Hi,> > > > > > > > > > > > With all the help, the environment we're setting up is running as I (and more importantly, the customer) expect it to.> > > > > > > > > > > > Is there an official way to secure the admin interface within WebDNA so connects are only accepted on https? We're trying to add a rewrite via apache config for the WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to secure the admin interface. > > > > > > > > > > > > Vriendelijke groet,> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- This message is sent to you because you are subscribed to the mailing listVriendelijke groet, ------=_Part_8356_237728852.1491222166317Content-Type: multipart/related; boundary="----=_Part_8357_814893154.1491222166317"------=_Part_8357_814893154.1491222166317MIME-Version: 1.0Content-Type: text/html; charset=UTF-8Content-Transfer-Encoding: quoted-printable

Chris,

Thanks for the reply. Ubuntu is a bit more adv=anced then RedHat/CentOS. We're stuck with CentOS, which ships with =9;httpd' 2.4.6-45 (apache, but an oldie). When I add the rewrite rule i=t just does nothing with it. Login reports a password needed for http://<site>/cgi-b=in/.../Admin/.... It looks like a rewrite on the WebCatalog dir is the =only way to get a redirect, as long as the user doesn't use the short-c=ut.

On April 1, 2017 at 3:18 PM christophe.billiott=et@webdna.us wrote:

I tested this and was able to make it work. I reset my workstation=9;s apache config to pretty close to stock, and installed WebDNA Server 8.5=..1 with the Ubuntu 14 installer. I put this right in the apache config'=s virtual host:

RewriteEngine On
RewriteCond %{HTTPS} off
Re=writeRule "^/cgi-bin/WebCatalogEngine/Admin/" https://%{HTTP_HOST}%{REQUEST_UR=I} [L,R=3D301,NC]

I ran quite a few tests and it worked as e=xpected. Hopefully that looks good, please let me know if there are any pro=blems.

- chris

<=div class=3D"">
On Mar 31, 2=017, at 06:38, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

I've been trying this for ages, didn't work on =the cgi-bin dir, as that's a special case in apache. The /WebCatalog di=r is easy to rewrite (but did a redirect in apache config, as that's wh=ere the admins have control, not the content writer), /cgi-bin/WebCatalog/E=ngine/Admin refuses to be rewritten.
I='m hoping the WebDNA specific code will rewrite correctly..
On March 29, 2017 at 10:27 PM Stuart Tremain &#=60;webdna@idfk.com.au&=#62; wrote:

Or something as simple as adding
RewriteC=ond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursecureddomain.com/$1<=span class=3D"ox-f6d7ced66a-Apple-converted-space"> [R,L]
=

To .htaccess

Kind= regards

Stuart T=remain
Pharoah Lane Software
AUST=RALIA
webdna@idfk.com.au

On 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net> wrote:

If you want to lock down= your Admin templates, and any template on the server that is using plain h=ttp auth in the clear with the [protect] tag, add this line to the top of y=our MultiGroupChecker:

=
[showif [thisport]!443][redirect https://[GetMIMEHeader HTTP_HOST][ThisURL]][/showif]

Not sure at what version [thisport] w=as added, so you'll have to test with your version.

This will redirect every [protect]-e=d page on your server that is not listening on port 443. So you'l=l need to assess whether this will break any web sites you are serving. =60;If you're not comfortable putting this kind of blanket over the [pro=tect] tag globally, you can always add a qualifier:
[if ("[thisport]"=;!"443")&("[ThisURL]"^"/WebCatalogEngine/")][th=en][redirect https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/the=n][/if]

MD
On Mar 27, 2017, at 1:52 AM, Jan Huijsmans =0;jan.huijsmans@b=aruch-ict.nl> wrote:

Hi,
Ok, we managed to secure /We=bCatalog/ dir with a permanent redirect to https, but the Admin dir itself =is placed in cgi-bin dir, which has a special status and can't be handl=ed in the same way. (other then redirecting the complete cgi-bin dir)
To be honest, I'm surprised that the =application itself doesn't do anything to improve security, other then =username/password over an unencrypted link. Personally I'm glad we can =contain WebDNA in virtual 1 server. I wouldn't want to provide ser=vices for several customers on 1 server with it. It shows it's age.
=
On March 9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruc=h-ict.nl> wrote:

Hi,
=
With all the help, the environment we're setting up is ru=nning as I (and more importantly, the customer) expect it to.
Is there an official way to secure the admin interface within WebDNA =so connects are only accepted on https? We're trying to add a rewr=ite via apache config for the WebCatalogEngine/Admin dir, but somehow it fe=els as the wrong way to secure the admin interface.
Vriendelijke groet,
=

On April 1, 2017 at 3:18 PM christophe.billiott=et@webdna.us wrote:

I tested this and was able to make it work. I reset my workstation=9;s apache config to pretty close to stock, and installed WebDNA Server 8.5=..1 with the Ubuntu 14 installer. I put this right in the apache config'=s virtual host:

RewriteEngine On
RewriteCond %{HTTPS} off
Re=writeRule "^/cgi-bin/WebCatalogEngine/Admin/" https://%{HTTP_HOST}%{REQUEST_UR=I} [L,R=3D301,NC]

I ran quite a few tests and it worked as e=xpected. Hopefully that looks good, please let me know if there are any pro=blems.

- chris

<=div class=3D"">

On Mar 31, 2=017, at 06:38, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

I've been trying this for ages, didn't work on =the cgi-bin dir, as that's a special case in apache. The /WebCatalog di=r is easy to rewrite (but did a redirect in apache config, as that's wh=ere the admins have control, not the content writer), /cgi-bin/WebCatalog/E=ngine/Admin refuses to be rewritten.
I='m hoping the WebDNA specific code will rewrite correctly..
On March 29, 2017 at 10:27 PM Stuart Tremain &#=60;webdna@idfk.com.au&=#62; wrote:

Or something as simple as adding
RewriteC=ond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursecureddomain.com/$1<=span class=3D"ox-f6d7ced66a-Apple-converted-space"> [R,L]
=

To .htaccess

Kind= regards

Stuart T=remain
Pharoah Lane Software
AUST=RALIA
webdna@idfk.com.au

On 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net> wrote:

If you want to lock down= your Admin templates, and any template on the server that is using plain h=ttp auth in the clear with the [protect] tag, add this line to the top of y=our MultiGroupChecker:

=
[showif [thisport]!443][redirect https://[GetMIMEHeader HTTP_HOST][thisurl]][/showif]

Not sure at what version [thisport] w=as added, so you'll have to test with your version.

This will redirect every [protect]-e=d page on your server that is not listening on port 443. So you'l=l need to assess whether this will break any web sites you are serving. =60;If you're not comfortable putting this kind of blanket over the [pro=tect] tag globally, you can always add a qualifier:
[if ("[thisport]"=;!"443")&("[thisurl]"^"/WebCatalogEngine/")][th=en][redirect [thisurl]][/then][=/if" class=3D"">https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/the=n][/if]

MD
On Mar 27, 2017, at 1:52 AM, Jan Huijsmans =0;jan.huijsmans@b=aruch-ict.nl> wrote:

Hi,
Ok, we managed to secure /We=bCatalog/ dir with a permanent redirect to https, but the Admin dir itself =is placed in cgi-bin dir, which has a special status and can't be handl=ed in the same way. (other then redirecting the complete cgi-bin dir)
To be honest, I'm surprised that the =application itself doesn't do anything to improve security, other then =username/password over an unencrypted link. Personally I'm glad we can =contain WebDNA in virtual 1 server. I wouldn't want to provide ser=vices for several customers on 1 server with it. It shows it's age.
=
On March 9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruc=h-ict.nl> wrote:

Hi,
=
With all the help, the environment we're setting up is ru=nning as I (and more importantly, the customer) expect it to.
Is there an official way to secure the admin interface within WebDNA =so connects are only accepted on https? We're trying to add a rewr=ite via apache config for the WebCatalogEngine/Admin dir, but somehow it fe=els as the wrong way to secure the admin interface.
Vriendelijke groet,
=

Re: [WebDNA] [BULK] Securing WebCatalog login

2017

Top Articles:

Related Readings: