Disable Admin Access from External




6 Posts   1458 Views

pitsnipe

Community Member, 3 Posts

12 March 2010 at 8:29am

Edited: 12/03/2010 8:30am

I work for a rather large company and my little corner of the company is trying to use SilverStripe as an info-only site that is available internally (to employees) and externally (to people seeking info about the company). The "info only" part means that our visitors (internal or external) will only be able to view content....no need for signing in, user groups, etc.

So, to get SilverStripe approved, I've got a test install running on a test webserver (internal) I have access to...everything is running perfectly and so far, everyone loves it.

Well, everyone loved it until I got reviewed by our security group. Since external users can access the site and the site has logins that give access to an internal DB.....they nutted out.

So, I've been presented with the following requirement: For production, I need to install SilverStripe in two locations, pointing to the same DB - one location is internally accessed only and the other location will be where the whole world can access. The internal install is the only one allowed to have the ability to even see the admin login, let alone log in. Externally, they don't want anyone to be able to even hit the login page. In a nutshell, "admin cannot exist for the external install".

I read this post: http://www.silverstripe.org/general-questions/show/276951#post276951

While it rendered the login page completely dead.....it also killed the site itself.

Any ideas on how to meet this requirement? I'd really hate to have to start this whole process over and find a different solution...I was really digging SilverStripe

Sean

Forum Moderator, 922 Posts

12 March 2010 at 9:55am

I think the best way to do this is lock out the URLs using .htaccess, so you'll have one internally which allows access to everything, then a replacement .htaccess for the live site which contains a list of URLs which get denied.

pitsnipe

Community Member, 3 Posts

12 March 2010 at 11:06am

Just checked, htaccess isn't acceptable for this. They don't want /admin blocked, they want it gone entirely.

Any idea which files/folders can be safely deleted and remove the admin aspect entirely?

Sean

Forum Moderator, 922 Posts

12 March 2010 at 11:30am

Edited: 12/03/2010 11:48am

Hm, those are some pretty restrictive requirements.

Well, does it have to be gone completely or can it just go to a 404?

There's also the option of doing something like this in your mysite/_config.php (which kicks in when the site is in "live" mode):

if(Director::isLive()) {
   Director::addRules(30, array(
      'admin' => '->page-not-found',
      'interactive' => '->page-not-found',
      'DevelopmentAdmin' => '->page-not-found',
      'DatabaseAdmin' => '->page-not-found',
      'db' => '->page-not-found',
   ));
}

"admin" is just a virtual URL segment generated by cms/_config.php which calls up CMSMenu to add the admin URLs. The above rules will force it to a 404 page instead, doing a redirection to the page with "page-not-found" as the URL segment.

If you _really_ want it gone completely, you'll have to edit cms/_config.php and remove the "admin" rules from there. However, my example is essentially doing the same thing, and it's the closest you'll get to the source without modifying the core directly or using an .htaccess rule.

Hope this helps!

Sean
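Added example, not part of the original thread and not SilverStripe code: one way to check from outside that each URL segment in the rule list above ends in a plain 404 rather than a login form. The host name, the login-form markers and the constructed responses (including the /Security/login path) are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# URL segments from the Director::addRules() list in the post above.
SEGMENTS = ["admin", "interactive", "DevelopmentAdmin", "DatabaseAdmin", "db"]
# Assumption: markers suggesting a login form was served instead of a 404.
LEAK_MARKERS = ("MemberLoginForm", 'type="password"')

def http_fetch(url):
    """GET one URL without following redirects -> (status, Location, body)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=10)
    conn.request("GET", p.path or "/")
    r = conn.getresponse()
    return r.status, r.getheader("Location"), r.read().decode("utf-8", "replace")

def audit(base_url, fetch=http_fetch, segments=SEGMENTS, max_hops=5):
    """Follow each segment's redirect chain; pass only if it ends in a clean 404."""
    results = {}
    for seg in segments:
        url = urljoin(base_url.rstrip("/") + "/", seg)
        results[seg] = "FAIL: redirect loop"
        for _ in range(max_hops):
            status, location, body = fetch(url)
            if status in (301, 302, 303, 307, 308) and location:
                url = urljoin(url, location)
            elif any(m in body for m in LEAK_MARKERS):
                results[seg] = "FAIL: login form at " + urlsplit(url).path
                break
            elif status == 404:
                results[seg] = "ok"
                break
            else:
                results[seg] = "FAIL: HTTP %d at %s" % (status, urlsplit(url).path)
                break
    return results

def constructed_site(url):
    """Constructed responses (not real output): 'db' was left out of the rules."""
    path = urlsplit(url).path
    if path in ("/admin", "/interactive", "/DevelopmentAdmin", "/DatabaseAdmin"):
        return 302, "/page-not-found", ""
    if path == "/page-not-found":
        return 404, None, "<h1>Page not found</h1>"
    if path == "/db":
        return 302, "/Security/login", ""
    if path == "/Security/login":
        return 200, None, '<form id="MemberLoginForm_LoginForm"><input type="password"></form>'
    return 404, None, ""
```

Calling audit() with only the external site's base URL uses http_fetch against the real server; passing fetch=constructed_site runs it offline against the constructed responses.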

pitsnipe

Community Member, 3 Posts

12 March 2010 at 11:49am

Thanks Sean

I'll try the above code first and see how that works. In case I can't find the documentation, how do you ensure the site is in live mode? First pass on the above....didn't work, so I may be doing the Live Mode aspect incorrectly.

Sean

Forum Moderator, 922 Posts

12 March 2010 at 11:53am

Edited: 12/03/2010 11:55am

Site mode is set from your _ss_environment.php file. You probably won't have one, so I suggest reading this page and setting it up. You'll need it if you're going from a staging to a production site so you can change per-environment variables:

http://doc.silverstripe.org/doku.php?id=environment-management

The way it works is each environment (e.g., development, staging, production, etc.) has its own _ss_environment.php file which tells the sites on the server what mode it's in, e.g. "dev", "test" or "live". There's also database connection details so the sites know which database to connect to.

Sean