SAC / Webmail Access
Posted: Tue Jan 31, 2006 2:18 pm
by robspierre
Is there a way to give Webmail access to an entire subnet, but restrict SAC access to a certain IP address (or address range) therein? For example, I would like to grant access to Webmail for any client on the 192.168.100.0 /24 subnet, but grant access to SAC only to 192.168.100.2. Something of that nature. Anyone know of a way to handle this?
Posted: Tue Jan 31, 2006 8:15 pm
by axsom1
I do this in my jk config.
Something like:
Code: Select all
<Location "/webmail">
JkUriSet group ajp13:localhost:8009
Order Deny, Allow
Deny from all
Allow from 192.168.100
</Location>
<Location "/sac">
JkUriSet group ajp13:localhost:8009
Order Deny, Allow
Deny from all
Allow from 192.168.100.2
</Location>
I'm sure there are other ways to do it, but that's how we do it.
John
Posted: Wed Feb 08, 2006 12:50 am
by robspierre
You can also accomplish this by editing the
scalix-admin.xml file in the
../JK_HOME/conf/Catalina/localhost/ directory.
By adding a Valve to the Context element with the appropriate "accept" and/or "deny" filters, access to SAC can be restricted to a single IP address, subnet, domain name, host name, etc. (or some other multitude or combination therein). Here's is an example limiting access to SAC to 192.168.200.2
Code: Select all
<Context path="/sac" docBase="sac"
debug="0" privileged="true" reloadable="false">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192.168.200.2"/>
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="scalix-sac_log." suffix=".txt"
timestamp="true"/>
</Context>
See the following link for more info as well.
http://tomcat.apache.org/tomcat-4.0-doc/config/context.html