Re: [WebDNA] [BULK] Securing WebCatalog login

This WebDNA talk-list message is from 2017. It keeps the original formatting.
Or something as simple as adding

RewriteEngine On
# ^80$ avoids also matching 8080; %{REQUEST_URI} keeps the full path even from a per-directory .htaccess; R=301 is permanent (a bare R is a 302)
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^ https://yoursecureddomain.com%{REQUEST_URI} [R=301,L]

To .htaccess


Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA
webdna@idfk.com.au

On 30 Mar 2017, at 05:04, Michael Davis <admin@network13.net> wrote:

If you want to lock down your Admin templates, and any template on the server that is using plain http auth in the clear with the [protect] tag, add this line to the top of your MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader HTTP_HOST][ThisURL]][/showif]

Not sure at what version [thisport] was added, so you'll have to test with your version.

This will redirect every [protect]-ed page on your server that is not listening on port 443. So you'll need to assess whether this will break any web sites you are serving. If you're not comfortable putting this kind of blanket over the [protect] tag globally, you can always add a qualifier:

[if ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirect https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/if]


MD
On Mar 27, 2017, at 1:52 AM, Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

OK, we managed to secure the /WebCatalog/ dir with a permanent redirect to https, but the Admin dir itself is placed in the cgi-bin dir, which has a special status and can't be handled in the same way (other than redirecting the complete cgi-bin dir).

To be honest, I'm surprised that the application itself doesn't do anything to improve security, other than username/password over an unencrypted link. Personally I'm glad we can contain WebDNA in 1 virtual server. I wouldn't want to provide services for several customers on 1 server with it. It shows its age.

On March 9, 2017 at 2:46 PM Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the environment we're setting up is running as I (and more importantly, the customer) expect it to.

Is there an official way to secure the admin interface within WebDNA so connections are only accepted on https? We're trying to add a rewrite via apache config for the WebCatalogEngine/Admin dir, but somehow it feels like the wrong way to secure the admin interface.

Kind regards,


Kind regards,

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us
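
The two approaches above (an Apache rewrite on port 80, or a [redirect] issued from MultiGroupChecker before [protect] challenges) are only as good as what a plain-HTTP request for the admin path actually gets back. The checker below is an added example, not code from this thread or from WebDNA: it parses a captured response head for a cleartext request to the admin path and reports whether the server answered with a Basic-auth challenge (the browser would then send the username/password unencrypted), served the page anyway, or redirected to https while keeping the same host and path. The host name, the admin path and the four sample responses are constructed placeholders.

```python
"""Offline checker for a forced-HTTPS redirect on a protected admin path.

Added example; not code from the WebDNA talk-list thread or from WebDNA.
It parses a captured plain-HTTP response head (constructed samples below)
and judges whether a request for the admin path on port 80 is answered with
a Basic-auth challenge, served in the clear, or redirected to https on the
same host and path. Host, path and sample responses are placeholders.
"""
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
PERMANENT_CODES = {301, 308}


def parse_head(raw: str):
    """Return (status_code, {lower-case header name: value}) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def assess(raw: str, request_host: str, request_path: str):
    """Classify a cleartext response for request_path as PASS, WARN or FAIL.

    Returns (verdict, findings); hard failures are listed before warnings.
    """
    status, headers = parse_head(raw)
    fail, warn = [], []

    # A 401 on port 80 means the [protect] realm is offered in the clear:
    # the browser will answer it with Basic credentials over plain HTTP.
    if status == 401 or "www-authenticate" in headers:
        fail.append("cleartext_auth_challenge")
    elif status in REDIRECT_CODES:
        target = urlsplit(headers.get("location", ""))
        if target.scheme != "https":
            fail.append("redirect_not_https")
        # A target host other than the one requested means the redirect
        # followed whatever the client put in the Host header.
        if (target.hostname or "") != request_host.lower():
            fail.append("redirect_host_changed")
        # Losing the path (a RewriteRule that drops $1) is usually a functional bug.
        if target.path != request_path:
            warn.append("redirect_path_changed")
        if status not in PERMANENT_CODES:
            warn.append("redirect_temporary")
    elif 200 <= status < 300:
        fail.append("served_over_cleartext")
    else:
        warn.append("unexpected_status_%d" % status)

    verdict = "FAIL" if fail else ("WARN" if warn else "PASS")
    return verdict, fail + warn


# Constructed placeholders, not captured from a real server.
HOST = "shop.example.test"
ADMIN = "/WebCatalogEngine/Admin/"

GOOD = ("HTTP/1.1 301 Moved Permanently\r\n"
        "Location: https://shop.example.test/WebCatalogEngine/Admin/\r\n"
        "Content-Length: 0\r\n\r\n")
LEAK = ("HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="WebCatalog"\r\n'
        "Content-Length: 0\r\n\r\n")
SLOPPY = ("HTTP/1.1 302 Found\r\n"
          "Location: https://shop.example.test/\r\n\r\n")
OFFHOST = ("HTTP/1.1 301 Moved Permanently\r\n"
           "Location: https://attacker.example.test/WebCatalogEngine/Admin/\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("leak", LEAK),
                      ("sloppy", SLOPPY), ("offhost", OFFHOST)):
        print(name, assess(raw, HOST, ADMIN))
```

To use it against a live host, capture the head of a plain-HTTP request for the admin path with curl (for example `curl -s -D - -o /dev/null http://host/WebCatalogEngine/Admin/`) and pass that text to assess(). The host check is the one to watch with the [GetMIMEHeader HTTP_HOST] variant: the redirect target is built from the client-supplied Host header, so a request carrying a different Host value is redirected wherever that header points, which the qualified [if] version with a fixed hostname avoids.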

Associated Messages, from the most recent to the oldest:

  1. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  2. Re: [WebDNA] [BULK] Securing WebCatalog login (christophe.billiottet@webdna.us 2017)
  3. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  4. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  5. Re: [WebDNA] [BULK] Securing WebCatalog login (Stuart Tremain 2017)
  6. Re: [WebDNA] [BULK] Securing WebCatalog login (Michael Davis 2017)
  7. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)