apache
config
proxy
security
List of URLs to block
Question
What is the list of URL that might be blocked from the proxy to avoid users to access them?Answer
URL | Description |
---|---|
/start |
login page |
/jahia/* |
technical urls with Jahia 8 |
/cms/login |
login page |
/cms/admin/* |
administration |
/welcome/adminmode |
administration |
/cms/edit/* |
edit mode |
/cms/contribute/* |
contribute mode |
/cms/studio/* |
studio mode |
/tools/* |
admin tools for debugging (secured with basic HTTP authentication) |
/modules/tools |
admin tools for debugging (secured with basic HTTP authentication) |
/repository/* |
Webdav access to the repository |
/server/* |
Webdav access to the repository |
Here is a very easy way to do it on an Apache HTTP Server Version 2.4 using the Apache module mod_authz_host :
# secure login/admin/contrib/edit URLs from outside our network
# allowed_ip list all authorized IPs separed by space
Define allowed_ip "192.168.1.10 192.168.1.18 10.1.123.21"
<LocationMatch "^/(start|cms\/login|cms\/admin|welcome\/adminmode|cms\/edit|cms\/contribute|cms\/studio|tools|modules\/tools|repository|server)">
Require ip ${allowed_ip}
</LocationMatch>
Starting from Jahia 8.0, you can also filter URLs starting of this kind: /jahia/*
.
To do so, you can an additional directive of this kind:
<LocationMatch "^/jahia/.*">
Require ip ${allowed_ip}
</LocationMatch>
Here is also an example with HAProxy:
acl authorized_ips req.hdr_ip(x-forwarded-for,-1) -m ip 8.8.8.8/32
acl technical_urls path_beg -i /cms /tools /modules /administration /start /jahia
http-request deny if technical_urls !authorized_ips