#1 2017-01-27 15:18:02

BobNoorduin
Member
Registered: 2016-12-12
Posts: 28

Securing /setup location

Hi there,

After installation of BlueMind the /setup location is quite open - password-secured only. I would suggest admins do something such as:

vi /etc/nginx/sites-available/bm-client-access

{{{
  location /setup/ {
    allow 127.0.0.1;
    allow <trusted-net>;   # subnets that are trusted...
    deny all;

    # the rest...
  }
}}}

And possibly same for /adminconsole if needed.

nginx -s reload / service bm-nginx restart

It would be better if BlueMind, during installation, would ask for the trusted IP networks from which /setup is permitted.

My $0.02

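The allow/deny list from post #1 can be sanity-checked before nginx is reloaded. The following is an added example, not part of the original thread and not BlueMind code: it models the first-match evaluation nginx applies to `allow`/`deny` rules, and the 192.0.2.0/24 trusted subnet and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the /setup block from post #1 with the <trusted-net>
# placeholder filled by 192.0.2.0/24 (a documentation range, assumed here).
SAMPLE_BLOCK = """
location /setup/ {
    allow 127.0.0.1;
    allow 192.0.2.0/24;   # subnets that are trusted...
    deny all;
}
"""

# Matches active directives only; commented-out lines are skipped.
RULE_RE = re.compile(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", re.MULTILINE)


def parse_rules(block):
    """Return [(action, network-or-None)] in file order; None means 'all'.

    Raises ValueError on anything that is not 'all', an address or a CIDR,
    e.g. a placeholder such as <trusted-net> left in the file.
    """
    rules = []
    for action, target in RULE_RE.findall(block):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def is_allowed(rules, client_ip):
    """First matching rule wins; with no matching rule the request passes."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or addr in net:
            return action == "allow"
    return True


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_BLOCK)
    # Constructed client addresses: loopback, trusted, external, IPv6 loopback.
    for ip in ("127.0.0.1", "192.0.2.15", "203.0.113.9", "::1"):
        print(ip, "allowed" if is_allowed(rules, ip) else "denied (403)")
```

Note that `::1` is denied by this rule set, so an admin reaching /setup over IPv6 loopback would need an explicit `allow ::1;`, and that a `deny all;` placed before the `allow` lines blocks every client.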

#2 2017-01-31 19:03:44

Anthony.L
Member
Registered: 2017-01-18
Posts: 3

Re: Securing /setup location

BobNoorduin wrote:

It would be better if BlueMind, during installation, would ask for the trusted IP networks from which /setup is permitted.

+1 :-)


#3 2017-02-02 12:00:23

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,818

Re: Securing /setup location

You can open a suggestion in our suggestion box.

You can do this using an NGinx proxy in front of BlueMind, or by modifying the BlueMind NGinx configuration, but you must redo this after every update.


#4 2017-03-03 10:38:37

blueminded_admin
Member
Registered: 2017-03-01
Posts: 6

Re: Securing /setup location

I fully agree with this request; it could even use the trusted networks from the Postfix config by default, IMHO. An Nginx proxy in front of BlueMind isn't the solution; it's typically a security problem within the app.

Regarding the suggested workaround, isn't it possible to use /etc/nginx/bm-local.d/ config files so it's not overwritten by an update?
