12 March 2010 at 8:29am Last edited: 12 March 2010 8:30am
I work for a rather large company and my little corner of the company is trying to use SilverStripe as an info-only site that is available internally (to employees) and externally (to people seeking info about the company). The "info only" part means that our visitors (internal or external) will only be able to view content....no need for signing in, user groups, etc.
So, to get SilverStripe approved, I've got a test install running on a test webserver (internal) I have access to...everything is running perfectly and so far, everyone loves it.
Well, everyone loved it until I got reviewed by our security group. Since external users can access the site and the site has logins that give access to an internal DB.....they nutted out.
So, I've been presented with the following requirement: For production, I need to install SilverStripe in two locations, pointing to the same DB - one location is internally accessed only and the other location will be where the whole world can access. The internal install is the only one allowed to have the ability to even see the admin login, let alone log in. Externally, they don't want anyone to be able to even hit the login page. In a nutshell, "admin cannot exist for the external install".
I read this post: http://www.silverstripe.org/general-questions/show/276951#post276951
While it rendered the login page completely dead.....it also killed the site itself.
Any ideas on how to meet this requirement? I'd really hate to have to start this whole process over and find a different solution...I was really digging SilverStripe.
12 March 2010 at 9:55am
I think the best way to do this is lock out the URLs using .htaccess, so you'll have one internally which allows access to everything, then a replacement .htaccess for the live site which contains a list of URLs which get denied.
12 March 2010 at 11:06am
Just checked, htaccess isn't acceptable for this. They don't want /admin blocked, they want it gone entirely.
Any idea which files/folders can be safely deleted and remove the admin aspect entirely?
12 March 2010 at 11:30am Last edited: 12 March 2010 11:48am
Hm, those are some pretty restrictive requirements.
Well, does it have to be gone completely or can it just go to a 404?
There's also the option of doing something like this in your mysite/_config.php (which kicks in when the site is in "live" mode):
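if (Director::isLive()) {
    // Priority 100 is assumed; it must outrank the rules in cms/_config.php.
    Director::addRules(100, array(
        'admin' => '->page-not-found',
        'interactive' => '->page-not-found',
        'DevelopmentAdmin' => '->page-not-found',
        'DatabaseAdmin' => '->page-not-found',
        'db' => '->page-not-found',
    ));
}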
"admin" is just a virtual URL segment generated by cms/_config.php which calls up CMSMenu to add the admin URLs. The above rules will force it to a 404 page instead, doing a redirection to the page with "page-not-found" as the URL segment.
If you _really_ want it gone completely, you'll have to edit cms/_config.php and remove the "admin" rules from there. However, my example is essentially doing the same thing, and it's the closest you'll get to the source without modifying the core directly or using an .htaccess rule.
Hope this helps!
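Added example (not part of any post in this thread, and not SilverStripe's own code): a check to run against the external install that separates "gone" (404) from "blocked" (401/403) and from a login form that is still served, which is the distinction the security group is asking for. The `Security/login` path, the login-form markers, the host name and the sample responses are assumptions constructed for the example.

```python
import urllib.error
import urllib.request

# Routes named in the thread's rules, plus Security/login (assumption: the
# URL where SilverStripe serves its login form).
PROBE_PATHS = ["admin", "interactive", "DevelopmentAdmin", "DatabaseAdmin",
               "db", "Security/login"]
# Assumed markers of a login form in the response body.
LOGIN_MARKERS = ("MemberLoginForm", 'type="password"')


def http_fetch(url):
    """Fetch url, following redirects; return (final status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status, body):
    """Separate 'gone' (404) from 'blocked' (401/403) and 'exposed'."""
    if any(marker in body for marker in LOGIN_MARKERS):
        return "EXPOSED"
    if status == 404:
        return "GONE"
    if status in (401, 403):
        return "BLOCKED"
    return "REVIEW"


def audit(base_url, fetch=http_fetch, paths=PROBE_PATHS):
    """Return {path: verdict} for every probed path under base_url."""
    base = base_url.rstrip("/")
    return {p: classify(*fetch(base + "/" + p)) for p in paths}


def passes(results):
    """The 'admin cannot exist' requirement holds only if all are GONE."""
    return all(v == "GONE" for v in results.values())


# Constructed responses for an offline run (not captured from a real site).
SAMPLE = {"admin": (404, "Page not found"), "db": (403, "Forbidden"),
          "Security/login": (200, '<form id="MemberLoginForm_LoginForm">')}


def sample_fetch(url):
    path = url.split(".invalid/", 1)[1]
    return SAMPLE.get(path, (404, "Page not found"))


if __name__ == "__main__":
    for path, verdict in audit("http://external.example.invalid", sample_fetch).items():
        print(path, verdict)
```

Against a real external host, call `audit()` with the default `http_fetch` and treat anything other than `GONE` as a failed requirement.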
12 March 2010 at 11:49am
I'll try the above code first and see how that works. In case I can't find the documentation, how do you ensure the site is in live mode? First pass on the above....didn't work, so I may be doing the Live Mode aspect incorrectly.
12 March 2010 at 11:53am Last edited: 12 March 2010 11:55am
Site mode is set from your _ss_environment.php file. You probably won't have one, so I suggest reading this page and setting it up. You'll need it if you're going from a staging to a production site so you can change per-environment variables:
The way it works is each environment (e.g., development, staging, production etc) has its own _ss_environment.php file which tells the sites on the server what mode it's in e.g. "dev" "test" or "live". There's also database connection details so the sites know which database to connect to.