Hi!
Is it possible to only allow admin login from certain hosts (ip or range)?
Regards
/Uggla
Hi Henrik
First, you can have many admins, each user user with the role ROLE_ADMINISTRATOR is an admin. Creating an IP filter depending on the roles of a user is NOT supported and I have no idea about a workaround.
Christian
···
2013/5/7 Uggla Henrik <Henrik.Uggla@anonymised.com>
Hi!
Is it possible to only allow admin login from certain hosts (ip or range)?
Regards
/Uggla
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi Henrik
Please stay on the mailing list, otherwise other users cannot assist.
Again, this is not possible. GeoServer itself has no IP filtering mechanisms, this would be a new feature.
Perhaps your servlet container offers a mechanism. For tomcat, see
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
You have to protect /geoserver/web/* path.
Christian
···
2013/5/7 Uggla Henrik <Henrik.Uggla@anonymised.com>
Is it possible to have an IP filter for the web interface regardless of user and role (but still have public access to map services)?
/Henrik
Från: Christian Mueller [mailto:christian.mueller@anonymised.com]
Skickat: den 7 maj 2013 10:02
Till: Uggla Henrik
Kopia: geoserver-users@lists.sourceforge.net
Ämne: Re: [Geoserver-users] Restrict admin access by ip/host?Hi Henrik
First, you can have many admins, each user user with the role ROLE_ADMINISTRATOR is an admin. Creating an IP filter depending on the roles of a user is NOT supported and I have no idea about a workaround.
Christian
2013/5/7 Uggla Henrik <Henrik.Uggla@anonymised.com>
Hi!
Is it possible to only allow admin login from certain hosts (ip or range)?
Regards
/Uggla
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Thanks, I’ll look into it.
Sorry, I just replied and thought it was to the mailing list (not to you personally).
/Henrik
···
Hi Henrik
Please stay on the mailing list, otherwise other users cannot assist.
Again, this is not possible. GeoServer itself has no IP filtering mechanisms, this would be a new feature.
Perhaps your servlet container offers a mechanism. For tomcat, see
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
You have to protect /geoserver/web/* path.
Christian
2013/5/7 Uggla Henrik <Henrik.Uggla@anonymised.com>
Is it possible to have an IP filter for the web interface regardless of user and role (but still have public access to map services)?
/Henrik
Från: Christian Mueller [mailto:christian.mueller@anonymised.com]
Skickat: den 7 maj 2013 10:02
Till: Uggla Henrik
Kopia: geoserver-users@lists.sourceforge.net
Ämne: Re: [Geoserver-users] Restrict admin access by ip/host?
Hi Henrik
First, you can have many admins, each user user with the role ROLE_ADMINISTRATOR is an admin. Creating an IP filter depending on the roles of a user is NOT supported and I have no idea about a workaround.
Christian
2013/5/7 Uggla Henrik <Henrik.Uggla@anonymised.com>
Hi!
Is it possible to only allow admin login from certain hosts (ip or range)?
Regards
/Uggla
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi,
in tomcat6 server.xml you can do this like:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="10\.152\.248\.22[4-9], 10\.152\.248\.2[345].*,
10\.136\.248\.22[4-9], 10\.136\.248\.2[345].*, 10\.152\.53\.73"
deny=""
/>
--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Restrict-admin-access-by-ip-host-tp5051772p5051832.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
I've solved it!
To allow access only for the clients connecting from localhost add the following lines to webapps/geoserver/WEB-INF/web.xml (and restart tomcat7)
<filter>
<filter-name>Remote Address Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Remote Address Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
/Uggla