Installing SilverStripe

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

  • pitsnipe
    Community Member
    3 Posts

    Disable Admin Access from External

    I work for a rather large company and my little corner of the company is trying to use SilverStripe as an info-only site that is available internally (to employees) and externally (to people seeking info about the company). The "info only" part means that our visitors (internal or external) will only be able to view content....no need for signing in, user groups, etc.

    So, to get SilverStripe approved, I've got a test install running on a test webserver (internal) I have access to...everything is running perfectly and so far, everyone loves it.

    Well, everyone loved it until I got reviewed by our security group. Since external users can access the site and the site has logins that give access to an internal DB.....they nutted out.

    So, I've been presented with the following requirement: For production, I need to install SilverStripe in two locations, pointing to the same DB - one location is internally accessed only and the other location will be where the whole world can access. The internal install is the only one allowed to have the ability to even see the admin login, let alone log in. Externally, they don't want anyone to be able to even hit the login page. In a nutshell, "admin cannot exist for the external install".

    I read this post: http://www.silverstripe.org/general-questions/show/276951#post276951

    While it rendered the login page completely dead.....it also killed the site itself.

    Any ideas on how to meet this requirement? I'd really hate to have to start this whole process over and find a different solution...I was really digging SilverStripe

  • Sean
    Forum Moderator
    921 Posts

    Re: Disable Admin Access from External

    I think the best way to do this is lock out the URLs using .htaccess, so you'll have one internally which allows access to everything, then a replacement .htaccess for the live site which contains a list of URLs which get denied.

  • pitsnipe
    Community Member
    3 Posts

    Re: Disable Admin Access from External

    Just checked, htaccess isn't acceptable for this. They don't want /admin blocked, they want it gone entirely.

    Any idea which files/folders can be safely deleted and remove the admin aspect entirely?

  • Sean
    Forum Moderator
    921 Posts

    Re: Disable Admin Access from External

    Hm, that's some pretty restrictive requirements.

    Well, does it have to be gone completely or can it just go to a 404?

    There's also the option of doing something like this in your mysite/_config.php (which kicks in when the site is in "live" mode):

    if(Director::isLive()) {
       Director::addRules(30, array(
          'admin' => '->page-not-found',
          'interactive' => '->page-not-found',
          'DevelopmentAdmin' => '->page-not-found',
          'DatabaseAdmin' => '->page-not-found',
          'db' => '->page-not-found',
       ));
    }

    "admin" is just a virtual URL segment generated by cms/_config.php which calls up CMSMenu to add the admin URLs. The above rules will force it to a 404 page instead, doing a redirection to the page with "page-not-found" as the URL segment.

    If you _really_ want it gone completely, you'll have to edit cms/_config.php and remove the "admin" rules from there. However, my example is essentially doing the same thing, and it's the closest you'll get to the source without modifying the core directly or using an .htaccess rule.

    Hope this helps!

    Sean
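
A check that can be run against the external install once rules like the ones in the post above are in place (an added example, not part of the original thread or of SilverStripe). Because those rules redirect to page-not-found, it follows redirects and accepts only a final 404; the host name and the script name `check_blocked.sh` are assumptions.

```shell
#!/bin/sh
# Added example: confirm the external install answers 404 for the URL
# segments listed in the Director::addRules() call in the post above.

BLOCKED_SEGMENTS="admin interactive DevelopmentAdmin DatabaseAdmin db"

# Print the final HTTP status for a URL after following redirects.
# The '->page-not-found' rules answer with a redirect first, so the status
# of the first response alone proves nothing. curl prints 000 when the
# host cannot be reached.
fetch_status() {
    curl -s -o /dev/null -L --max-redirs 5 --max-time 10 \
        -w '%{http_code}' "$1" || true
}

# check_blocked BASE_URL
# Prints one line per segment and returns 0 only if every segment ends in 404.
check_blocked() {
    base=${1%/}
    failures=0
    for segment in $BLOCKED_SEGMENTS; do
        status=$(fetch_status "$base/$segment")
        case "$status" in
            404) echo "ok       $segment -> 404" ;;
            000) echo "ERROR    $segment -> no response"
                 failures=$((failures + 1)) ;;
            *)   echo "EXPOSED  $segment -> $status"
                 failures=$((failures + 1)) ;;
        esac
    done
    [ "$failures" -eq 0 ]
}

# Usage (hypothetical host): ./check_blocked.sh http://external.example.com
if [ "$#" -eq 1 ]; then
    check_blocked "$1"
fi
```

A non-zero exit status means at least one segment did not end in a 404, which also covers the case where the site is not actually running in live mode.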

  • pitsnipe
    Community Member
    3 Posts

    Re: Disable Admin Access from External

    Thanks Sean

    I'll try the above code first and see how that works. In case I can't find the documentation, how do you ensure the site is in live mode? First pass on the above....didn't work, so I may be doing the Live Mode aspect incorrectly.

  • Sean
    Forum Moderator
    921 Posts

    Re: Disable Admin Access from External

    Site mode is set from your _ss_environment.php file. You probably won't have one, so I suggest reading this page and setting it up. You'll need it if you're going from a staging to a production site so you can change per-environment variables:

    http://doc.silverstripe.org/doku.php?id=environment-management

    The way it works is each environment (e.g., development, staging, production etc.) has its own _ss_environment.php file which tells the sites on the server what mode it's in, e.g. "dev", "test" or "live". There's also database connection details so the sites know which database to connect to.

    Sean
