I am looking for the best way to securing access to SAC from the Internet? I was thinking either block access at the firewall or can I limit access in Tomcat to a specific subnet or addresses?
Thanks
Joe
Securing SAC from the Internet
Moderators: ScalixSupport, admin
-
jferrara
- Posts: 30
- Joined: Thu Jun 24, 2004 11:22 am
- Location: New Jersey
-
hydrospace
- Posts: 54
- Joined: Tue Mar 01, 2005 11:44 am
- Location: Leipzig, germany
- Contact:
As far as I know the valve conecept may be the solution you are looking for. Check http://tomcat.apache.org/tomcat-5.0-doc ... valve.html but I really do not know if this could have any side effects with sac though...
Stefan
Stefan
-
Valerion
- Scalix Star
- Posts: 2730
- Joined: Thu Feb 26, 2004 7:40 am
- Location: Johannesburg, South Africa
- Contact:
Since Scalix uses mod_jk you can use the apache access control for this. in /etc/opt/scalix-tomcat/connector/jk change the app-<hostname>.sac file from
JkMount /sac* workername
to
<Location "/sac*">
JkMount workername
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from .domain.com
</Location>
I haven't tested this, but it should work fine. If not we can troubleshoot it.
Also look at securing res and caa if you want to lock it down more.
JkMount /sac* workername
to
<Location "/sac*">
JkMount workername
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from .domain.com
</Location>
I haven't tested this, but it should work fine. If not we can troubleshoot it.
Also look at securing res and caa if you want to lock it down more.
Who is online
Users browsing this forum: No registered users and 9 guests