CAS5 /cas/status cas.adminPagesSecurity.ip

34 views
Skip to first unread message

Duane Booher

unread,
Oct 25, 2017, 11:42:43 AM10/25/17
to CAS Community
For CAS 5.0 /cas/status access, the only way I can get access is with a single ip, such as cas.adminPagesSecurity.ip=127.0.0.1

My question, is there any additional pattern matching capabilities and/or a list of ip addresses? In CAS4 there use to be a subnet mask option, such as xx.xx.xx.xx/24, but that does not work for me in CAS 5.0.

Thanks,
Duane

Ryan Schroeder

unread,
Oct 25, 2017, 1:53:13 PM10/25/17
to CAS Community
It should be a regex now, at least it is in 5.1

Tom Poage

unread,
Oct 25, 2017, 1:59:03 PM10/25/17
to CAS Community

> On Oct 25, 2017, at 8:42 AM, Duane Booher <dd...@nau.edu> wrote:
>
> For CAS 5.0 /cas/status access, the only way I can get access is with a single ip, such as cas.adminPagesSecurity.ip=127.0.0.1
>
> My question, is there any additional pattern matching capabilities and/or a list of ip addresses? In CAS4 there use to be a subnet mask option, such as xx.xx.xx.xx/24, but that does not work for me in CAS 5.0.

I believe it's treated as a regular expression. Ours finally got so complex that we abstracted access control to Apache httpd (2.4) running in front, cf.

cas.adminPagesSecurity.ip=.*

and, effectively:

<ProxyMatch "/cas/status$">
<RequireAny>
Require all denied
Require local
Require ip ...
...
</RequireAny>
</ProxyMatch>
ProxyPass /cas/ ajp://localhost:8009/cas/

Tom.

Reply all
Reply to author
Forward
0 new messages