List of URLs to block
Question
What is the list of URLs that can be blocked at the proxy to prevent users from accessing them?
Answer
URL | Description |
---|---|
/start | login page |
/jahia/* | technical URLs with Jahia 8 |
/cms/login | login page |
/cms/admin/* | administration |
/welcome/adminmode | administration |
/cms/edit/* | edit mode |
/cms/contribute/* | contribute mode |
/cms/studio/* | studio mode |
/tools/* | admin tools for debugging (secured with basic HTTP authentication) |
/modules/tools | admin tools for debugging (secured with basic HTTP authentication) |
/repository/* | WebDAV access to the repository |
/server/* | WebDAV access to the repository |
Here is a very easy way to do it on Apache HTTP Server version 2.4 using the Apache module mod_authz_host:

```apache
# secure login/admin/contrib/edit URLs from outside our network
# allowed_ip lists all authorized IPs separated by spaces
Define allowed_ip "192.168.1.10 192.168.1.18 10.1.123.21"
<LocationMatch "^/(start|cms\/login|cms\/admin|welcome\/adminmode|cms\/edit|cms\/contribute|cms\/studio|tools|modules\/tools|repository|server)">
    Require ip ${allowed_ip}
</LocationMatch>
```
Starting from Jahia 8.0, you can also filter URLs of this kind: /jahia/*.
To do so, you can add an additional directive of this kind:

```apache
<LocationMatch "^/jahia/.*">
    Require ip ${allowed_ip}
</LocationMatch>
```
Here is also an example with HAProxy:
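
```haproxy
# authorized client addresses, matched against the last X-Forwarded-For value
acl authorized_ips req.hdr_ip(x-forwarded-for,-1) -m ip 8.8.8.8/32
# case-insensitive prefix match on the technical paths
acl technical_urls path_beg -i /cms /tools /modules /administration /start /jahia
http-request deny if technical_urls !authorized_ips
```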
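
Before deploying either rule set, it is worth checking that it restricts every entry in the table above. The following added example (not part of the original article) runs that coverage check offline against the Apache expressions and the HAProxy prefixes shown here. It assumes Python's `re` behaves like Apache's regex engine for these simple patterns and models `path_beg -i` as a case-insensitive prefix test; the sample paths are constructed.

```python
import re

# URL patterns from the table above; a trailing * becomes a constructed segment.
TABLE_URLS = [
    "/start", "/jahia/*", "/cms/login", "/cms/admin/*", "/welcome/adminmode",
    "/cms/edit/*", "/cms/contribute/*", "/cms/studio/*", "/tools/*",
    "/modules/tools", "/repository/*", "/server/*",
]

# The two LocationMatch expressions from the Apache example, copied verbatim.
APACHE_PATTERNS = [
    re.compile(r"^/(start|cms\/login|cms\/admin|welcome\/adminmode|cms\/edit"
               r"|cms\/contribute|cms\/studio|tools|modules\/tools|repository|server)"),
    re.compile(r"^/jahia/.*"),
]

# The path_beg prefixes from the HAProxy example.
HAPROXY_PREFIXES = ["/cms", "/tools", "/modules", "/administration", "/start", "/jahia"]


def sample_path(table_url):
    """Turn a table entry into a concrete request path (constructed sample)."""
    return table_url.replace("*", "sample")


def apache_restricted(path):
    """True if one of the LocationMatch expressions matches the path."""
    return any(p.search(path) for p in APACHE_PATTERNS)


def haproxy_restricted(path):
    """True if the path begins with one of the prefixes, ignoring case (-i)."""
    return any(path.lower().startswith(prefix) for prefix in HAPROXY_PREFIXES)


def uncovered(matcher):
    """Table entries whose sample path the given rule set does not restrict."""
    return [u for u in TABLE_URLS if not matcher(sample_path(u))]


if __name__ == "__main__":
    print("Not restricted by the Apache rules: ", uncovered(apache_restricted))
    print("Not restricted by the HAProxy rules:", uncovered(haproxy_restricted))
```

Any entry reported for a rule set needs an additional pattern or prefix before that rule set matches the table.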