Re: [WebDNA] Webcatalog folder missing on a Windows Server

This WebDNA talk-list message is from

2017


It keeps the original formatting.
numero = 113544
interpreted = N
texte = 1139 --Apple-Mail=_6D7BCC41-0EDC-4468-BF5D-6D9DA81AFA01 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I'm not sure if this is the same on Windows, but the admin folder is = actually in the WebCatalogEngine folder on linux. So on linux you would = access http://yourserver/cgi-bin/WebCatalogEngine/Admin/ = =20 You may experiment with the Windows server equivalent of that URL and = find all the stuff you're looking for. MD > On Apr 11, 2017, at 6:31 PM, Kenneth Grome = wrote: >=20 > I tested this and was able to make it work. I reset my workstation's = apache config to pretty close to stock, and installed WebDNA Server = 8.5.1 with the Ubuntu 14 installer. I put this right in the apache = config's virtual host: >=20 > RewriteEngine On > RewriteCond %{HTTPS} off > RewriteRule "^/cgi-bin/WebCatalogEngine/Admin/" https://% = {HTTP_HOST}%{REQUEST_URI} [L,R=3D301,NC] >=20 > I ran quite a few tests and it worked as expected. Hopefully that = looks good, please let me know if there are any problems. >=20 > - chris >=20 >=20 >> On Mar 31, 2017, at 06:38, Jan Huijsmans > wrote: >>=20 >> I've been trying this for ages, didn't work on the cgi-bin dir, as = that's a special case in apache. The /WebCatalog dir is easy to rewrite = (but did a redirect in apache config, as that's where the admins have = control, not the content writer), /cgi-bin/WebCatalog/Engine/Admin = refuses to be rewritten. >>=20 >> I'm hoping the WebDNA specific code will rewrite correctly.. >>=20 >>> On March 29, 2017 at 10:27 PM Stuart Tremain > wrote: >>>=20 >>> Or something as simple as adding >>>=20 >>> RewriteCond %{SERVER_PORT} 80=20 >>> RewriteRule ^(.*)$ https://yoursecureddomain.com/$1 = [R,L] >>>=20 >>> To .htaccess >>>=20 >>>=20 >>> Kind regards >>>=20 >>> Stuart Tremain >>> Pharoah Lane Software >>> AUSTRALIA >>> webdna@idfk.com.au >>>=20 >>>=20 >>>=20 >>>=20 >>>=20 >>>=20 >>>> On 30 Mar 2017, at 05:04, Michael Davis > wrote: >>>>=20 >>>> If you want to lock down your Admin templates, and any template on = the server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: >>>>=20 >>>> [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif] >>>>=20 >>>> Not sure at what version [thisport] was added, so you'll have to = test with your version. >>>>=20 >>>> This will redirect every [protect]-ed page on your server that is = not listening on port 443. So you'll need to assess whether this will = break any web sites you are serving. If you're not comfortable putting = this kind of blanket over the [protect] tag globally, you can always add = a qualifier: >>>>=20 >>>> [if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/if = ] >>>>=20 >>>>=20 >>>> MD >>>>> On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = > = wrote: >>>>>=20 >>>>> Hi, >>>>>=20 >>>>> Ok, we managed to secure /WebCatalog/ dir with a permanent = redirect to https, but the Admin dir itself is placed in cgi-bin dir, = which has a special status and can't be handled in the same way. (other = then redirecting the complete cgi-bin dir) >>>>>=20 >>>>> To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >>>>>=20 >>>>>> On March 9, 2017 at 2:46 PM Jan Huijsmans = > = wrote: >>>>>>=20 >>>>>> Hi, >>>>>>=20 >>>>>> With all the help, the environment we're setting up is running as = I (and more importantly, the customer) expect it to. >>>>>>=20 >>>>>> Is there an official way to secure the admin interface within = WebDNA so connects are only accepted on https? We're trying to add a = rewrite via apache config for the WebCatalogEngine/Admin dir, but = somehow it feels as the wrong way to secure the admin interface.=20 >>>>>>=20 >>>>>> Vriendelijke groet, >>>>>>=20 >=20 >=20 >=20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_6D7BCC41-0EDC-4468-BF5D-6D9DA81AFA01 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii I'm not sure if this is the same on Windows, but the admin = folder is actually in the WebCatalogEngine folder on linux.  So on = linux you would access http://yourserver/cgi-bin/WebCatalogEngine/Admin/  =     
You may experiment with the Windows = server equivalent of that URL and find all the stuff you're looking = for.

MD

On Apr 11, 2017, at 6:31 PM, = Kenneth Grome <ken@webdnasolutions.com> wrote:

I tested this and was able to = make it work. I reset my workstation's apache config to pretty close to = stock, and installed WebDNA Server 8.5.1 with the Ubuntu 14 installer. I = put this right in the apache config's virtual host:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule = "^/cgi-bin/WebCatalogEngine/Admin/" https://%{HTTP_HOST}%{REQUEST_URI} = [L,R=3D301,NC]

I ran quite a few tests and it = worked as expected. Hopefully that looks good, please let me know if = there are any problems.

- chris


On Mar = 31, 2017, at 06:38, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

I've been = trying this for ages, didn't work on the cgi-bin dir, as that's a = special case in apache. The /WebCatalog dir is easy to rewrite (but did = a redirect in apache config, as that's where the admins have control, = not the content writer), /cgi-bin/WebCatalog/Engine/Admin refuses to be = rewritten.

I'm hoping the WebDNA specific code = will rewrite correctly..

On = March 29, 2017 at 10:27 PM Stuart Tremain <webdna@idfk.com.au> = wrote:

Or something as simple as adding

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://yoursecureddomain.com/$1 [R,L]

To .htaccess


Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA






On 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net>= wrote:

If you want = to lock down your Admin templates, and any template on the server that = is using plain http auth in the clear with the [protect] tag, add this = line to the top of your MultiGroupChecker:

[showif = [thisport]!443][redirect https://[GetMIMEHeader HTTP_HOST][ThisURL]][/showif]=

Not sure at = what version [thisport] was added, so you'll have to test with your = version.

This = will redirect every [protect]-ed page on your server that is not = listening on port 443.  So you'll need to assess whether this will = break any web sites you are serving.  If you're not comfortable = putting this kind of blanket over the [protect] tag globally, you can = always add a qualifier:

[if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirec= t https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/= if]


MD
On Mar = 27, 2017, at 1:52 AM, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be = honest, I'm surprised that the application itself doesn't do anything to = improve security, other then username/password over an unencrypted link. = Personally I'm glad we can contain WebDNA in virtual 1 server. I = wouldn't want to provide services for several customers on 1 server with = it. It shows it's age.

On March = 9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,





--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_6D7BCC41-0EDC-4468-BF5D-6D9DA81AFA01-- . Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Webcatalog folder missing on a Windows Server (Rich Kwas 2017)
  2. Re: [WebDNA] Webcatalog folder missing on a Windows Server (Michael Davis 2017)
  3. Re: [WebDNA] Webcatalog folder missing on a Windows Server (Kenneth Grome 2017)
  4. [WebDNA] Webcatalog folder missing on a Windows Server installation. (Richard Kwasniewski 2017)
1139 --Apple-Mail=_6D7BCC41-0EDC-4468-BF5D-6D9DA81AFA01 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I'm not sure if this is the same on Windows, but the admin folder is = actually in the WebCatalogEngine folder on linux. So on linux you would = access http://yourserver/cgi-bin/WebCatalogEngine/Admin/ = =20 You may experiment with the Windows server equivalent of that URL and = find all the stuff you're looking for. MD > On Apr 11, 2017, at 6:31 PM, Kenneth Grome = wrote: >=20 > I tested this and was able to make it work. I reset my workstation's = apache config to pretty close to stock, and installed WebDNA Server = 8.5.1 with the Ubuntu 14 installer. I put this right in the apache = config's virtual host: >=20 > RewriteEngine On > RewriteCond %{HTTPS} off > RewriteRule "^/cgi-bin/WebCatalogEngine/Admin/" https://% = {HTTP_HOST}%{REQUEST_URI} [L,R=3D301,NC] >=20 > I ran quite a few tests and it worked as expected. Hopefully that = looks good, please let me know if there are any problems. >=20 > - chris >=20 >=20 >> On Mar 31, 2017, at 06:38, Jan Huijsmans > wrote: >>=20 >> I've been trying this for ages, didn't work on the cgi-bin dir, as = that's a special case in apache. The /WebCatalog dir is easy to rewrite = (but did a redirect in apache config, as that's where the admins have = control, not the content writer), /cgi-bin/WebCatalog/Engine/Admin = refuses to be rewritten. >>=20 >> I'm hoping the WebDNA specific code will rewrite correctly.. >>=20 >>> On March 29, 2017 at 10:27 PM Stuart Tremain > wrote: >>>=20 >>> Or something as simple as adding >>>=20 >>> RewriteCond %{SERVER_PORT} 80=20 >>> RewriteRule ^(.*)$ https://yoursecureddomain.com/$1 = [R,L] >>>=20 >>> To .htaccess >>>=20 >>>=20 >>> Kind regards >>>=20 >>> Stuart Tremain >>> Pharoah Lane Software >>> AUSTRALIA >>> webdna@idfk.com.au >>>=20 >>>=20 >>>=20 >>>=20 >>>=20 >>>=20 >>>> On 30 Mar 2017, at 05:04, Michael Davis > wrote: >>>>=20 >>>> If you want to lock down your Admin templates, and any template on = the server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: >>>>=20 >>>> [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif] >>>>=20 >>>> Not sure at what version [thisport] was added, so you'll have to = test with your version. >>>>=20 >>>> This will redirect every [protect]-ed page on your server that is = not listening on port 443. So you'll need to assess whether this will = break any web sites you are serving. If you're not comfortable putting = this kind of blanket over the [protect] tag globally, you can always add = a qualifier: >>>>=20 >>>> [if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/if = [thisurl]][/then][/if>] >>>>=20 >>>>=20 >>>> MD >>>>> On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = > = wrote: >>>>>=20 >>>>> Hi, >>>>>=20 >>>>> Ok, we managed to secure /WebCatalog/ dir with a permanent = redirect to https, but the Admin dir itself is placed in cgi-bin dir, = which has a special status and can't be handled in the same way. (other = then redirecting the complete cgi-bin dir) >>>>>=20 >>>>> To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >>>>>=20 >>>>>> On March 9, 2017 at 2:46 PM Jan Huijsmans = > = wrote: >>>>>>=20 >>>>>> Hi, >>>>>>=20 >>>>>> With all the help, the environment we're setting up is running as = I (and more importantly, the customer) expect it to. >>>>>>=20 >>>>>> Is there an official way to secure the admin interface within = WebDNA so connects are only accepted on https? We're trying to add a = rewrite via apache config for the WebCatalogEngine/Admin dir, but = somehow it feels as the wrong way to secure the admin interface.=20 >>>>>>=20 >>>>>> Vriendelijke groet, >>>>>>=20 >=20 >=20 >=20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_6D7BCC41-0EDC-4468-BF5D-6D9DA81AFA01 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii I'm not sure if this is the same on Windows, but the admin = folder is actually in the WebCatalogEngine folder on linux.  So on = linux you would access http://yourserver/cgi-bin/WebCatalogEngine/Admin/  =     
You may experiment with the Windows = server equivalent of that URL and find all the stuff you're looking = for.

MD

On Apr 11, 2017, at 6:31 PM, = Kenneth Grome <ken@webdnasolutions.com> wrote:

I tested this and was able to = make it work. I reset my workstation's apache config to pretty close to = stock, and installed WebDNA Server 8.5.1 with the Ubuntu 14 installer. I = put this right in the apache config's virtual host:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule = "^/cgi-bin/WebCatalogEngine/Admin/" https://%{HTTP_HOST}%{REQUEST_URI} = [L,R=3D301,NC]

I ran quite a few tests and it = worked as expected. Hopefully that looks good, please let me know if = there are any problems.

- chris


On Mar = 31, 2017, at 06:38, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

I've been = trying this for ages, didn't work on the cgi-bin dir, as that's a = special case in apache. The /WebCatalog dir is easy to rewrite (but did = a redirect in apache config, as that's where the admins have control, = not the content writer), /cgi-bin/WebCatalog/Engine/Admin refuses to be = rewritten.

I'm hoping the WebDNA specific code = will rewrite correctly..

On = March 29, 2017 at 10:27 PM Stuart Tremain <webdna@idfk.com.au> = wrote:

Or something as simple as adding

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://yoursecureddomain.com/$1 [R,L]

To .htaccess


Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA






On 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net>= wrote:

If you want = to lock down your Admin templates, and any template on the server that = is using plain http auth in the clear with the [protect] tag, add this = line to the top of your MultiGroupChecker:

[showif = [thisport]!443][redirect https://[GetMIMEHeader HTTP_HOST][thisurl]][/showif]=

Not sure at = what version [thisport] was added, so you'll have to test with your = version.

This = will redirect every [protect]-ed page on your server that is not = listening on port 443.  So you'll need to assess whether this will = break any web sites you are serving.  If you're not comfortable = putting this kind of blanket over the [protect] tag globally, you can = always add a qualifier:

[if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirec= t [thisurl]][/then][/if"= = class=3D"">https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/= if]


MD
On Mar = 27, 2017, at 1:52 AM, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be = honest, I'm surprised that the application itself doesn't do anything to = improve security, other then username/password over an unencrypted link. = Personally I'm glad we can contain WebDNA in virtual 1 server. I = wouldn't want to provide services for several customers on 1 server with = it. It shows it's age.

On March = 9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,





--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_6D7BCC41-0EDC-4468-BF5D-6D9DA81AFA01-- . Michael Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[OT] Discussion forum, last visit, Cookie, ... (2003) adding shipping cost (1998) Re:Help name our technology! (1997) Weird problems with [SHOWIF]s (1997) How To question on setting up downloads (1997) [Fwd: Rotating Banners ... (was LinkExchange)] (1997) Multiple catalog databases and showcart (1997) PSC recommends what date format yr 2000??? (1997) Error Lob.db records error message not name (1997) Virtual Postcards (1998) emailer (1997) Sorting error (1997) Multiple Pulldowns (1997) Page Breaks in Word (2003) Nitro plugin? (1998) Tracking (2004) Register First (2000) [SHOWIF AND/OR] (1997) [AppendFile] problem (WebCat2b13 Mac .acgi) (1997) Is everybody getting all the posts? (2002)