Protecting Your Admin Pages

Joined
Jun 7, 2009
Messages
543
Reaction score
221
I've been planning to post this for some time but haven't had the opportunity until now. I thought I would post a little guide so people that are running live servers on a dedicated server can protect their admin pages, for example iWeb and pwAdmin.

First of all, you need to know which web server your admin pages are on, and second, you will need to know the IP address of your home and not the network address for those using routers. To find out your IP address, go to Google and type in "what is my ip".

-----------------------------------------------------------------------------

For Apache web server you will need to do the following

Go to the directory of your admin pages. For example opt/lampp/htdocs/iweb

Next create a file called .htaccess and then open it and add the following:
order deny,allow
deny from all
allow from 127.0.0.1

Change the IP address to that of your home computer.

-----------------------------------------------------------------------------

For Tomcat java web server you will need to do the following:

Go to [Tomcat]\conf\context.xml, [Tomcat] being the location where you installed it. For example, in 343's release Tomcat is located @ opt/apache-tomcat-5.5.28/

Next open the file context.xml and find this line:
<WatchedResource>WEB-INF/web.xml</WatchedResource>

Directly after this line paste this code:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>

Change the IP address to your home computer's address, save the file and restart your Tomcat server. That's it!

Hope this helps a few newbies out :D:
 
Initiate Mage
Joined
Aug 1, 2012
Messages
4
Reaction score
0
Hello. How's it going with your server? :) Nice tut there. Thanks for posting.
 
Last edited:
Joined
Oct 14, 2009
Messages
5,493
Reaction score
2,299
For Apache web server you will need to do the following

Go to the directory of your admin pages. For example opt/lampp/htdocs/iweb

Next create a file called .htaccess and then open it and add the following:
order deny,allow
deny from all
allow from 127.0.0.1

Change the IP address to that of your home computer.

Or, if you want to say, allow a connection from any machine within the LAN you could use this (my personal fav, so I can log in from any machine or device from within my own LAN):

order deny,allow
deny from all
allow from 10.0.0.0/255.255.0.0

Of course, adjusted for your own network (IP/SUBNET) :wink:

[With my example you can 'access' your admin site/pages from (say) a machine with the IP 10.0.0.10 or 10.0.50.1 or 10.0.128.64 etc...]

***************

So far I was able to locate this for the same concept as the one I use above for apache's httpd server, for tomcat:

<!-- allow only LAN IPs to connect to the manager webapp -->
<!-- contrary to the current Tomcat 5.5 documentation the value for allow is not a regular expression -->
<!-- future versions may have to be specified as 192\.168\.1\.* -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="10.0.*.*" />

(add:)
Sweet, I do believe I have it all figured out now (how to set this for each 'webapp' too, so that some will be allowed LAN or WAN, and some will be LAN only). My next release/update will highly likely eliminate the redundant 2nd tomcat installation :):

To follow suit with allowing a connection from any PC/Machine/Device from within the LAN, this is the config I found works:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" allow="10.0.*.*" />

If you're looking to control each individual 'container' (like myself) then you would NOT want to add the above example to the context.xml located @ $CATALINA_HOME/conf/context.xml

(Because if you did add it to this one [the wrong one], the restrictions you make [like in this example: open to LAN only] would apply to ALL webapps/containers, which would then ONLY be accessible to the LAN)

To control individual 'containers' or 'webapps' you would add a config like my above example to:

$CATALINA_HOME/conf/[enginename]/[hostname]/[appDirectoryName].xml

OR to the webapp itself @

$CATALINA_HOME/webapps/[appName]/META-INF/context.xml
 
Last edited:
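
An added example, not part of any post in this thread: a small Python evaluator for the Apache 2.2 Order/Deny from/Allow from rules shown above, useful for checking which client addresses a rule set admits before deploying it. The function names and the address 203.0.113.7 (a stand-in for "your home IP") are assumptions made for the example.

```python
import ipaddress

# Rule sets from the thread. 203.0.113.7 is a constructed stand-in for
# "your home IP" (documentation range), not an address from the page.
HOME_ONLY = "order deny,allow\ndeny from all\nallow from 203.0.113.7"
LAN_ONLY = "order deny,allow\ndeny from all\nallow from 10.0.0.0/255.255.0.0"

def parse_rules(text):
    """Collect the Order value and the 'Allow from' / 'Deny from' specs."""
    order, allow, deny = "deny,allow", [], []  # Apache 2.2 default Order
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0].lower() == "order":
            order = words[1].lower()
        elif len(words) >= 3 and words[1].lower() == "from":
            target = {"allow": allow, "deny": deny}.get(words[0].lower())
            if target is not None:
                target.extend(words[2:])
    return order, allow, deny

def matches(client, spec):
    """True if client falls under one spec: 'all', a single IP, or net/mask.
    Hostname and partial-IP specs are not handled and raise ValueError."""
    if spec.lower() == "all":
        return True
    # strict=False accepts 10.0.0.0/16 as well as 10.0.0.0/255.255.0.0
    net = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(client) in net

def is_allowed(client, rules_text):
    """Apply Apache 2.2 Order semantics to one client address."""
    order, allow, deny = parse_rules(rules_text)
    allowed = any(matches(client, s) for s in allow)
    denied = any(matches(client, s) for s in deny)
    if order == "deny,allow":   # Allow overrides Deny; no match means allowed
        return allowed or not denied
    if order == "allow,deny":   # Deny overrides Allow; no match means denied
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")

if __name__ == "__main__":
    # Constructed client addresses, including the three named in the post.
    for ip in ("10.0.0.10", "10.0.50.1", "10.0.128.64", "10.1.0.5", "198.51.100.9"):
        print(ip, "->", "allowed" if is_allowed(ip, LAN_ONLY) else "403 Forbidden")
```

Two things the evaluator makes visible: swapping the first line to "order allow,deny" with the same Deny/Allow lines locks out every client, and dropping "deny from all" under "order deny,allow" admits every client.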
Experienced Elementalist
Joined
Nov 17, 2009
Messages
233
Reaction score
26
Since this is a sticky and I don't feel it will be re-vamped I wanted to state that you can also use SSH tunnels to secure your admin pages.

The way I would do this:
You would run your webserver or service as localhost:port or 127.0.0.1:port.
Then in PuTTY, go to Connection > SSH > Tunnels.
Source port will be the port you will be connecting to; destination will be where your source port will be forwarding you to.
So if I was connecting to port 8080 for pwAdmin, which is set to 127.0.0.1, I would enter a random source port such as 8888 with a destination localhost:8080. Note that your source port has to be higher than 1024.
Then you would connect through SSH, "hopefully with a DSA/RSA key", for that security boost.
Open up your browser and find where the proxy settings are. "I used FoxyProxy for Firefox that would auto proxy on specific addresses" so I didn't have to do this every time, but you can manually change the proxy settings of your browser to, say, my port 8888, so it would be set to SOCKS 5, 127.0.0.1:8888. Load up your pwAdmin address and boom, connected to pwAdmin securely.
I suck at writing guides and I know for a fact I messed up a few times, but it's pretty easy to understand what I mean. Only posting this for future reference for people looking to secure their server without starting a new thread on the forum.

A note to the newbies: if you change your proxy settings, you will not be able to visit other webpages once you close the connection to the proxy, so you should disable the proxy when not connecting to the server.
 