Topic
  • 5 replies
  • Latest Post - ‏2012-07-13T14:48:08Z by Sunit
G.K.Munappy
G.K.Munappy
1 Post

Pinned topic How to prevent admin URL to acccess it only from intranet

‏2011-01-25T06:39:45Z |
We have got a J2EE application deployed on IBM websphere application server 6.1 ND and accessed using IBM HTTP Server 6.1.Currently application is exposed over internet and accessed by users using one url and admin module is accessed by admin using another url.How do we prevent admin users acccessing from internet.Admin module should be accessed from intranet only.Is there any way to do it either on web server / application server or network to give acccess to admin module only from intranet.
Can any body suggest a solution?
WIth Thanks & Regards
Gopinathan K.Munappy
Updated on 2012-07-13T14:48:08Z at 2012-07-13T14:48:08Z by Sunit
  • gas
    gas
    47 Posts

    Re: How to prevent admin URL to acccess it only from intranet

    ‏2011-01-25T21:15:21Z  
    Hi,

    If it is in separate web module then don't map this module to web server.
    If it is in one web module, you will have to somehow block the full url to the admin part, depends how the application is built.
  • GopinathanK.Munappy
    GopinathanK.Munappy
    1 Post

    Re: How to prevent admin URL to acccess it only from intranet

    ‏2011-01-26T13:11:44Z  
    • gas
    • ‏2011-01-25T21:15:21Z
    Hi,

    If it is in separate web module then don't map this module to web server.
    If it is in one web module, you will have to somehow block the full url to the admin part, depends how the application is built.
    First of all I DO thank you for your response.
    I like add few more facts related to the application.
    Whole application including admin in deployed as a single EAR file.Only URLs are different to access the user application and admin application.
    I did not understand when you mentioned "somehow block the full url to the admin part".Please do eloborate.

    With Thanks & Regards
    Gopinathan K.M
  • gas
    gas
    47 Posts

    Re: How to prevent admin URL to acccess it only from intranet

    ‏2011-01-26T16:37:04Z  
    First of all I DO thank you for your response.
    I like add few more facts related to the application.
    Whole application including admin in deployed as a single EAR file.Only URLs are different to access the user application and admin application.
    I did not understand when you mentioned "somehow block the full url to the admin part".Please do eloborate.

    With Thanks & Regards
    Gopinathan K.M
    In one EAR file you may have many WAR files (web modules) then each one may have different root context, in that case you could be able to remove context from plugin-cfg.xml.

    If it is all in one web module, post some sample urls for your normal module and admin module.

    By blocking url I was thinking about using Location, like this:
    <Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    </Location>

    but I'm not sure whether it would work.
  • SystemAdmin
    SystemAdmin
    3903 Posts

    Re: How to prevent admin URL to acccess it only from intranet

    ‏2012-07-11T17:41:32Z  
    • gas
    • ‏2011-01-26T16:37:04Z
    In one EAR file you may have many WAR files (web modules) then each one may have different root context, in that case you could be able to remove context from plugin-cfg.xml.

    If it is all in one web module, post some sample urls for your normal module and admin module.

    By blocking url I was thinking about using Location, like this:
    <Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    </Location>

    but I'm not sure whether it would work.
    HI All,

    Facing the same problem.. If some one have an answer for the question please respond.

    Thanks in Advance

    Sakthi
  • Sunit
    Sunit
    206 Posts

    Re: How to prevent admin URL to acccess it only from intranet

    ‏2012-07-13T14:48:08Z  
    HI All,

    Facing the same problem.. If some one have an answer for the question please respond.

    Thanks in Advance

    Sakthi
    1. If the admin module is a separate war than the user module then you have an option of not mapping the admin module to Internet facing web server.

    2. If both modules are part of the same root context but different sub-directories under it then use mod_rewrite to allow access to this only from a list of internal IP addresses.

    • Sunit