Restricting Access to Admin Area by IP

Running Lucee 4.5 on CentOS Linux with Apache/TomCat. Migrating from old
version of CFMX, so that’s where my mindset regarding this configuration
issue comes from.

What I would like to do is restrict access to the Lucee web administrator
based on IP address, so that only our internal IPs can access that portion
of the website.

In ACF, we had an entry in our httpd.conf file that restricted access to
/cfide to our internal IPs.

Is something like this also doable with Lucee?

If so, on what directory do I need to restrict access? Is it the
/WEB-INF/lucee directory, or is that going to be too restrictive, given the
variety of sub-directories under /WEB-INF/lucee, such as customtags, logs,
etc?

Steve,

As an alternative, you might want to consider using SSH Tunneling to lock
down access. See
https://dnando.github.io/blog/2014/11/04/ssh-tunneling-coldfusion-lockdown-technique/
for the approach and rationale. I should update that post for Lucee as well

What I would like to do is restrict access to the Lucee web administrator
based on IP address, so that only our internal IPs can access that portion
of the website.

In ACF, we had an entry in our httpd.conf file that restricted access to
/cfide to our internal IPs.

Is something like this also doable with Lucee?

Certainly.

If so, on what directory do I need to restrict access? Is it the
/WEB-INF/lucee directory, or is that going to be too restrictive, given the
variety of sub-directories under /WEB-INF/lucee, such as customtags, logs,
etc?

For the admin, I believe you’d use

<Location /lucee> Order Deny,Allow Deny from all Allow from localhost

If using SSH tunneling

<Location /WEB-INF> Order Deny,Allow Deny from all Allow from localhost

“Allow from localhost” should be sufficient for custom tags, logs, etc to
function normally.>


Love Lucee? Become a supporter and be part of the Lucee project today! -
http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/110c8993-970d-4a65-89e9-441618cc0dcb%40googlegroups.com
https://groups.google.com/d/msgid/lucee/110c8993-970d-4a65-89e9-441618cc0dcb%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.