[Xymon] Separating alternate pageset
Becker Christian
christian.becker at rhein-zeitung.net
Thu Jun 30 08:35:52 CEST 2016
Hello,
-----
See if you can publish your alternate page set on an apache vhost. You could then prevent the external users from reaching your primary vhost.
-----
I tried this already but didn’t' succeed (could be depending on my setup). At this time I don't really know how to configure this; think I have a try-and-error phase in front of me....
Regards
Christian
Christian Becker
IT-Services
Christian.Becker at rhein-zeitung.net
_________________________________
Mittelrhein-Verlag GmbH
August-Horch-Straße 28
D-56070 Koblenz
Verleger und Geschäftsführer: Walterpeter Twer
Reg.-Gericht Koblenz HRB 121
Finanzamt Koblenz Str.Nr. 22 65 10 285 2
www.rhein-zeitung.de
-----Ursprüngliche Nachricht-----
Von: Xymon [mailto:xymon-bounces at xymon.com] Im Auftrag von John Thurston
Gesendet: Mittwoch, 29. Juni 2016 19:54
An: xymon at xymon.com
Betreff: Re: [Xymon] Separating alternate pageset
On 6/29/2016 9:37 AM, Becker Christian wrote:
- snip -
> Now we are in the situation that we need to present some special
> devices to an external company. I did this by setting up an alternate
> pageset, following the Tips and Tricks section from the Xymon website.
>
> Everything is working as expected, but the external company is able to
> „break out“ of this special pageset. - snip -
Even if you succeed in stripping the menus from all of the alternate pages, the URLs and cgis are still going to work. It isn't going to be hard to look at the address bar:
> https://xymon.bar.com/xymon-cgi/svcstatus.sh?HOST=foo.bar.com&SERVICE=
> info
and figure out that any host can be displayed just by changing the "HOST=" value. Alternate page sets (on the same web server) are not going to really "jail" those users.
See if you can publish your alternate page set on an apache vhost. You could then prevent the external users from reaching your primary vhost.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
More information about the Xymon
mailing list