zadarum wrote:
However, in the other virtual host, that is set in Jetty to respond only to a named subdomain (http://lunchboxes.muradaz.com), if I put the internal network wildcard into that admin, I'm immediately locked out of the admin for that virtual host, and have to go into the xml file to reset the allowedip by hand to be able to restore access.
So basically if you have ANYTHING in the allowedip list in the XML, you're locked out? Just out of curiosity have you tried it with a specific full IP address as opposed to a wildcard? (Sorry if you have and I missed that in the discussion.)
Can you stick a page on this instance that just dumps CGI.REMOTE_ADDR? I'm curious if maybe it isn't resolving to what you might be expecting. And even if it is, that would help troubleshoot.
To be clear, I'm only using the ip address wildcard, not entering the subdomain name in the admin screen.
Right--good, because the IP list has to be IP addresses, not domain names.
I threw in a cgi.remote_addr tag to the display page, to confirm that my named subdomain site is properly reporting the requesting ip address as part of my internal network, but I'm still not able to access the admin pages.
OK, so this sounds like you already did what I suggested above, and it's resolving to something that would match the IP address list.
I'd also be happy to volunteer as a guinea pig for any 'Dummies Guide' how-to on installation and configuration--I have a lot of Windows experience, but the GUIs have dulled my 'manual configuration' skills, so I'm a great candidate to play the 'if he can get it, anyone can' role :).
Sold! We can use more of this sort of thing on the wiki IMO, so anything you can contribute, from how you have Jetty configured to whatever we determine is the issue with the admin console IP address restrictions, will be greatly appreciated.
If you have an urgent need to protect the OpenBD admin, meaning if you need to do this before we figure out what may be going on with the IP address list, you can always do this with HTTP authentication at the web server level. At least I'm assuming Jetty supports that sort of thing--you're using Jetty's web server right (meaning you don't have another web server in front of Jetty)?
-- Matt Woodward [email protected] http://www.mattwoodward.com/blog
Please do not send me proprietary file formats such as Word, PowerPoint, etc. as attachments.
http://www.gnu.org/philosophy/no-word-attachments.html
