Using a reverse proxy to block some services
9 views
Skip to first unread message
Alex Donnini
Jan 17, 2014, 9:29:47 AM1/17/14
to lmf-...@googlegroups.com
I used varnish as a reverse proxy (port 80) in front of tomcat running LMF (port 8080) to block access to some services.
I set kiwi.context to http://mydomain/LMF and kiwi.host to http://mydomain/LMF while local resources base address is http://mydomain/LMF.
So, some services are blocked on the port 80.
If I try to access to whole set of services by using port 8080 on my LAN, I have an unformatted page from the graphical point of view, it is impossible to access services because all link are based on one of the previous config variable, so i need to browse adding port 8080 to each URL.
Is there a way to decouple access from a REST client and access to the interface?
thank you
Alex
Sergio Fernández
Jan 17, 2014, 9:53:38 AM1/17/14
to lmf-...@googlegroups.com
Hi Alex,
On 17/01/14 15:29, Alex Donnini wrote:
> I used varnish as a reverse proxy (port 80) in front of tomcat running LMF
> (port 8080) to block access to some services.
> I set kiwi.context to http://mydomain/LMF and kiwi.host to http://mydomain/LMF
> while local resources base address is http://mydomain/LMF.
That's right. We commonly used the same setup, so it's quite well tested.
> So, some services are blocked on the port 80.
Sorry, I do not understand that.
> If I try to access to whole set of services by using port 8080 on my LAN, I
> have an unformatted page from the graphical point of view, it is impossible
> to access services because all link are based on one of the previous config
> variable, so i need to browse adding port 8080 to each URL.
> Is there a way to decouple access from a REST client and access to the
> interface?
No, sorry, the new base URL will be used to all, both admin pages and
rest web services. So you must used only services under the new URL.
Cheers,
--
Sergio Fernández
Senior Researcher
Knowledge and Media Technologies
Salzburg Research Forschungsgesellschaft mbH
Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
T: +43 662 2288 318 | M: +43 660 2747 925
sergio.f...@salzburgresearch.at
http://www.salzburgresearch.at
On 17/01/14 15:29, Alex Donnini wrote:
> I used varnish as a reverse proxy (port 80) in front of tomcat running LMF
> (port 8080) to block access to some services.
> I set kiwi.context to http://mydomain/LMF and kiwi.host to http://mydomain/LMF
> while local resources base address is http://mydomain/LMF.
> So, some services are blocked on the port 80.
> If I try to access to whole set of services by using port 8080 on my LAN, I
> have an unformatted page from the graphical point of view, it is impossible
> to access services because all link are based on one of the previous config
> variable, so i need to browse adding port 8080 to each URL.
> Is there a way to decouple access from a REST client and access to the
> interface?
rest web services. So you must used only services under the new URL.
Cheers,
--
Sergio Fernández
Senior Researcher
Knowledge and Media Technologies
Salzburg Research Forschungsgesellschaft mbH
Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
T: +43 662 2288 318 | M: +43 660 2747 925
sergio.f...@salzburgresearch.at
http://www.salzburgresearch.at
Alex Donnini
Jan 28, 2014, 2:56:50 AM1/28/14
to lmf-...@googlegroups.com
Dear Sergio
it is possible to have a template of you varnish conf file?
Because we have blocked mostly of LMF interfaces and I would like to expose SPARQL query interface (other than SPARQL endpoint) that is a way to browse triple from a generic user point of view, and there are some AJAX call that make difficult to do this.
thanks
Alessandra
Sergio Fernández
Jan 28, 2014, 5:39:41 AM1/28/14
to lmf-...@googlegroups.com
Hi Alex,
On 28/01/14 08:56, Alex Donnini wrote:
> it is possible to have a template of you varnish conf file?
Basically you'd just need to switch to the standard security profile,
which allows read access from everywhere and write access only for
authenticated users of the “manager” role. Check the documentation from
further details:
http://marmotta.apache.org/platform/security-module.html
> Because we have blocked mostly of LMF interfaces and I would like to expose
> SPARQL query interface (other than SPARQL endpoint) that is a way to browse
> triple from a generic user point of view, and there are some AJAX call that
> make difficult to do this.
Please, check first if the standard security profile fulfills your
requirements. If not, we can support you on customizing a bit the rules.
On 28/01/14 08:56, Alex Donnini wrote:
> it is possible to have a template of you varnish conf file?
which allows read access from everywhere and write access only for
authenticated users of the “manager” role. Check the documentation from
further details:
http://marmotta.apache.org/platform/security-module.html
> Because we have blocked mostly of LMF interfaces and I would like to expose
> SPARQL query interface (other than SPARQL endpoint) that is a way to browse
> triple from a generic user point of view, and there are some AJAX call that
> make difficult to do this.
requirements. If not, we can support you on customizing a bit the rules.
Reply all
Reply to author
Forward
0 new messages