Blue Mind Forum

Forum about Blue Mind Software


#1 2017-01-27 15:18:02

BobNoorduin
Member
Registered: 2016-12-12
Posts: 28

Securing /setup location

Hi there,

After installation of bluemind the /setup location is quite open - password-secured only. I would suggest admins do something such as:

vi /etc/nginx/sites-available/bm-client-access

{{{
  location /setup/ {
    allow 127.0.0.1;
    allow <trusted-net>;   # subnets that are trusted...
    deny all;

    # the rest...
  }
}}}

And possibly same for /adminconsole if needed.

nginx -s reload / service bm-nginx restart

It would be better if bluemind, during installation, would ask for the trusted IP networks from which /setup is permitted.

My $0.02


#2 2017-01-31 19:03:44

Anthony.L
Member
Registered: 2017-01-18
Posts: 3

Re: Securing /setup location

BobNoorduin wrote:

It would be better if bluemind, during installation, would ask for the trusted IP networks from which /setup is permitted.

+1 :-)


#3 2017-02-02 12:00:23

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,867

Re: Securing /setup location

You can open a suggestion in our suggestion box.

You can do this using an nginx proxy in front of BlueMind, or by modifying the BlueMind nginx configuration, but you must redo this after every update.


#4 2017-03-03 10:38:37

blueminded_admin
Member
Registered: 2017-03-01
Posts: 6

Re: Securing /setup location

I fully agree with this request, it could even use the trusted networks from postfix config by default imho. Nginx proxy in front of bluemind isn't the solution, it's typically a security problem within the app.

Regarding the suggested workaround, isn't it possible to use /etc/nginx/bm-local.d/ config files so it's not overwritten on update?

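A config check for the caveat raised in post #3 (the edit has to be redone after every update), added here as an example and not code from any poster or from BlueMind: it reads nginx configuration text and reports whether a location such as /setup/ still carries a catch-all `deny all;`. The sample config, upstream address and subnet are constructed; on a real host the input would be the contents of the file named in post #1.

```python
import re

# Constructed sample: a vhost after an update replaced the file.
# /setup/ has lost its rules; /adminconsole/ still has them.
SAMPLE_CONF = """
server {
  location /setup/ {
    proxy_pass http://127.0.0.1:8080;   # constructed upstream
  }
  location /adminconsole/ {
    allow 127.0.0.1;
    allow 192.0.2.0/24;   # constructed trusted subnet
    deny all;
    proxy_pass http://127.0.0.1:8080;
  }
}
"""

def location_body(conf, path):
    """Return the text inside `location [modifier] <path> { ... }`, or None."""
    conf = re.sub(r"#[^\n]*", "", conf)           # drop comments first
    m = re.search(r"\blocation\s+(?:\S+\s+)?%s\s*\{" % re.escape(path), conf)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start:i]
    return None                                    # unbalanced braces

def audit(conf, path):
    """Classify a location as 'missing', 'open' or 'restricted'."""
    body = location_body(conf, path)
    if body is None:
        return "missing"
    # nginx checks allow/deny in order and stops at the first match,
    # so the first catch-all rule decides what unlisted clients get.
    for action, target in re.findall(r"\b(allow|deny)\s+([^;\s]+)\s*;", body):
        if target == "all":
            return "restricted" if action == "deny" else "open"
    return "open"   # no catch-all deny: unlisted addresses get through

if __name__ == "__main__":
    for loc in ("/setup/", "/adminconsole/"):
        print(loc, audit(SAMPLE_CONF, loc))
```

Run after each upgrade, any result other than `restricted` for /setup/ means the allow/deny block has to be re-applied and nginx reloaded.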
