Protecting admin access

Discussion in 'General' started by voopy, Jan 26, 2010.

  1. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    In my case, all users are remote so I need to put the desktop on the Internet. Is there a method by which to prevent remote users from reaching the admin section via URL blocking or some other means? It does not appear so.
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    You could add a clause

    <Directory "/var/www/html/admin">
    deny from all
    allow from my.allowed.network/netmask
    </Directory>


    to /etc/httpd/conf.d/elastix.conf

    then issue

    /etc/init.d/httpd restart
     
  3. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    Be sure to put a secure password.

    What does your remote users do? Do they need to access the web interfase?

    It would be a good idea to use vpns between Elastix and your clients desktop/phones/networks.

    Regards,

    Rafael
     
  4. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    They are all mobile and need access to the dashboard.
     
  5. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    I've tried this but it seems to allow users in who aren't in the network range.
     
  6. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    I had put the changes in when I asked here about this but had forgotten that the web server hasn't been restarted since then.

    Next question; Any way of preventing the login pop up box next?
     
  7. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
  8. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    To prevent temptation by anyone who found it popping up. We don't need this from outside, we need it only from inside while allowing users to get at their dashboard.
     
  9. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Then do the same thing in your .htaccess file
     
  10. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    In the /admin/modules section then?
     
  11. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
  12. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    Yes, I understand what htaccess is, just wondered if you meant an existing one in the elastix structure. It sounds like you mean putting one at the root of the site then.
     
  13. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    if you understand ". . what htaccess (sic) is . . ." then you will have no problem with the advice. Please feel free to use it wherever you feel comfortable. If however you don't yet fully understand what this means I suggest you put it in the highest level you want to restrict access to, or am I missing something in your post?

    Again please try reading

    http://httpd.apache.org/docs/2.0/howto/htaccess.html

    or any number of other http security related posts available on "the google" .
     
  14. voopy

    Joined:
    Jan 16, 2010
    Messages:
    78
    Likes Received:
    0
    No, nothing to miss. I am the one who was not sure if you were referring to the only htaccess file that is in the structure or suggesting I use the method.

    I will use htaccess then, thank you for your help.
     

Share This Page