Restrict Admin Console access when running FastPath?

Hi folks. Thanks in advance for your help. I am testing FastPath (it seems great!), but I’m concerned that my admin console is open to the Internet, along with my FastPath user interface.

Admin Console: http://pelicanserver-7.pelicanparts.com:9090/

FastPath: http://pelicanserver-7.pelicanparts.com:9090/webchat/

Other than some fancy restrictions using my firewall, is there any way to only have the admin console respond to the local host? I’ve searched the archives and tried changing some of the settings, and port numbers, but those strangely had no effect, even after starting and stopping the service.

Suggestions are welcome please.

Thx,

Wayne

Hi Wayne,

you may want to use a reverse proxy (Apache+mod_proxy_http or Squid in accelerator mode) which runs on port 80 (and 443 for https) and which proxies only /webchat/ to Openfire:9090.

LG
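
A sketch of the reverse-proxy setup suggested above, added as an example that is not part of the original thread. It assumes Apache httpd 2.4 running on the same machine as Openfire, and `chat.example.com` is a placeholder hostname.

```apache
# Added example, not from the thread.
# Assumes Apache httpd 2.4 on the same host as Openfire.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
    # Placeholder hostname (assumption).
    ServerName chat.example.com

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off

    # Default: refuse every path, so the admin console pages
    # are never reachable through this virtual host.
    <Location "/">
        Require all denied
    </Location>

    # Exception: the Fastpath web chat, passed to Openfire on 9090.
    <Location "/webchat/">
        Require all granted
        ProxyPass "http://127.0.0.1:9090/webchat/"
        ProxyPassReverse "http://127.0.0.1:9090/webchat/"
    </Location>
</VirtualHost>
```

The proxy only narrows what is reachable on port 80; port 9090 still has to be blocked from outside at the firewall, otherwise the admin console stays directly reachable.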

Running on Win2003…

Thanks for the suggestion though…

-Wayne

This is because you are running the fastpath webchat war file plugin on your openfire server. If you run it on an external server this issue should be resolved. Read the info for the plugin to see what servers can run the file.

Hi,

Apache and Squid are available for Windows, while Apache should be the more stable option as it is used more often than Squid on Windows.

http://httpd.apache.org/download.cgi

LG

Squid is a proxy server, I am not really sure why you recommended this.

I thought that if I restricted admin access to be secure only (SSL port 443), that would help, as I can block that using my firewall. But Openfire doesn’t seem to respond to me putting -1 in the XML file when I update it. I’m not sure why. Can someone point me in the right direction? I’m very experienced in configuring this stuff (PERL programmer), but I’m trying to avoid spending hours tweaking this…

thx,

Wayne

I would also like to point out that the users cannot access the admin console without admin rights to the console. Again, though, running the fastpath webclient from a different java app server would eliminate this. Even very cheap shared hosting gets you this capability.

Yes, I may have to do that. Are there any instructions on how to set that up independently?

-Wayne

Hi Todd,

one can configure Squid also as a forward proxy / in accelerator mode.

LG