Is it possible to restrict access to any website except https://server/webmail. We are suceesfully using webmail, but want to restrict access externally to the SAC pages for security purposes.
Presently, in my test environment any user can access the SAC externally and we would rather that didn't happen.
Thx in advance
Prevent access to SAC from Extrnal network
Moderator: ScalixSupport
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
I think the easiest way to go about this would be to remove sac from the mod_jk configuration and open port 8080 for tomcat.
Since you didn't mention your OS I'll tell you how to do this for redhat. In /etc/httpd/conf.d you will see scalix-jk-common.conf. Edit that file and comment out the line
#JkMount /sac* worker1
Issue:
service httpd restart
and you will no longer see the sac page.
Then edit /opt/scalix-tomcat/conf/server.xml and uncomment this section:
Remove the two lines that say "disabled by scalix installer" at the top and bottom of the section. Restart tomcat with
service scalix-tomcat restart
Now you will access sac with the url
server:8080/sac
Regards,
Don
Since you didn't mention your OS I'll tell you how to do this for redhat. In /etc/httpd/conf.d you will see scalix-jk-common.conf. Edit that file and comment out the line
#JkMount /sac* worker1
Issue:
service httpd restart
and you will no longer see the sac page.
Then edit /opt/scalix-tomcat/conf/server.xml and uncomment this section:
Code: Select all
<!-- DISABLED BY SCALIX INSTALLER
<Connector port="8080"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
DISABLED BY SCALIX INSTALLER -->Remove the two lines that say "disabled by scalix installer" at the top and bottom of the section. Restart tomcat with
service scalix-tomcat restart
Now you will access sac with the url
server:8080/sac
Regards,
Don
-
Tekoloshe
Re: Prevent access to SAC from Extrnal network
Hi,
how do I solve this with an 11.4.3 Version?
The files that are mentioned above are no longer there......
Many THX!!!
how do I solve this with an 11.4.3 Version?
The files that are mentioned above are no longer there......
Many THX!!!
-
SinnaIKS
Re: Prevent access to SAC from Extrnal network
Tekoloshe: Edit the file /var/opt/scalix/ml/tomcat/conf/Catalina/localhost/sac.xml
The above uses the allow 127.0.0.1 which will restrict access to localhost, You may change the allow value to a list of IP address or a subnet, eg:
allow="172.16.0.1, 172.16.0.2, 172.16.0.1"
allow="172.16.0.*"
Code: Select all
<Context path="/sac" docBase="/opt/scalix/web/scalix-admin-console.war"
debug="0" privileged="true" reloadable="false">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="scalix-sac_log." suffix=".txt"
timestamp="true"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
</Context>
The above uses the allow 127.0.0.1 which will restrict access to localhost, You may change the allow value to a list of IP address or a subnet, eg:
allow="172.16.0.1, 172.16.0.2, 172.16.0.1"
allow="172.16.0.*"
Return to “Scalix Management Services”
Who is online
Users browsing this forum: No registered users and 1 guest