Protecting admin access

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#1
In my case, all users are remote so I need to put the desktop on the Internet. Is there a method by which to prevent remote users from reaching the admin section via URL blocking or some other means? It does not appear so.
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
You could add a clause

<Directory "/var/www/html/admin">
deny from all
allow from my.allowed.network/netmask
</Directory>


to /etc/httpd/conf.d/elastix.conf

then issue

/etc/init.d/httpd restart
 

rafael

Joined
May 14, 2007
Messages
1,454
Likes
1
Points
0
#3
Be sure to put a secure password.

What does your remote users do? Do they need to access the web interfase?

It would be a good idea to use vpns between Elastix and your clients desktop/phones/networks.

Regards,

Rafael
 

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#4
They are all mobile and need access to the dashboard.
 

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#5
I've tried this but it seems to allow users in who aren't in the network range.
 

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#6
voopy said:
I've tried this but it seems to allow users in who aren't in the network range.
I had put the changes in when I asked here about this but had forgotten that the web server hasn't been restarted since then.

Next question; Any way of preventing the login pop up box next?
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#7
Why ??
 

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#8
To prevent temptation by anyone who found it popping up. We don't need this from outside, we need it only from inside while allowing users to get at their dashboard.
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#9
Then do the same thing in your .htaccess file
 

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#10
In the /admin/modules section then?
 

rafael

Joined
May 14, 2007
Messages
1,454
Likes
1
Points
0
#11

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#12
Yes, I understand what htaccess is, just wondered if you meant an existing one in the elastix structure. It sounds like you mean putting one at the root of the site then.
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#13
if you understand ". . what htaccess (sic) is . . ." then you will have no problem with the advice. Please feel free to use it wherever you feel comfortable. If however you don't yet fully understand what this means I suggest you put it in the highest level you want to restrict access to, or am I missing something in your post?

Again please try reading

http://httpd.apache.org/docs/2.0/howto/htaccess.html

or any number of other http security related posts available on "the google" .
 

voopy

Joined
Jan 16, 2010
Messages
78
Likes
0
Points
0
#14
No, nothing to miss. I am the one who was not sure if you were referring to the only htaccess file that is in the structure or suggesting I use the method.

I will use htaccess then, thank you for your help.
 

Staff online

Members online

Latest posts

Forum statistics

Threads
30,898
Messages
130,879
Members
17,560
Latest member
manuelc
Top