Securing SAC from the Internet
Posted: Sat Feb 10, 2007 3:35 pm
by jferrara
I am looking for the best way to securing access to SAC from the Internet? I was thinking either block access at the firewall or can I limit access in Tomcat to a specific subnet or addresses?
Thanks
Joe
Posted: Sat Feb 10, 2007 4:33 pm
by hydrospace
As far as I know the valve conecept may be the solution you are looking for. Check
http://tomcat.apache.org/tomcat-5.0-doc ... valve.html but I really do not know if this could have any side effects with sac though...
Stefan
Posted: Mon Feb 12, 2007 4:57 am
by Valerion
Since Scalix uses mod_jk you can use the apache access control for this. in /etc/opt/scalix-tomcat/connector/jk change the app-<hostname>.sac file from
JkMount /sac* workername
to
<Location "/sac*">
JkMount workername
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from .domain.com
</Location>
I haven't tested this, but it should work fine. If not we can troubleshoot it.
Also look at securing res and caa if you want to lock it down more.