How to protect the admin area for public and private rails

How would you provide access to the administration area for a web application?

Our Rails CMS publishes pages publicly. I would like to make the backend (/admin) inaccessible using either the web server (Apache) or the firewall (netfilter).

Can this be done using an SSL certificate? I would like to restrict access to the server only to those who have a key similar to SSH access to the server.

Thanks in advance.

+3
2 answers

You are absolutely right that an SSL certificate is the way to go. And it is not all that difficult to configure, although it is rarely done.

, . -, " ", , -, , - " , -, ?"

, , - Rails admin - . ( URL- , - -, Host: foo.com admin.foo.com .) , SSL.

SSL. , . ( -, , , , , , .) ( -SSL- , , SSL), - , , , .

, , .

+2

, . "" - .htaccess Apache Directory.

, , SSLRequire

SSLVerifyClient      none
<Directory /usr/local/apache/htdocs/secure/area>
SSLVerifyClient      require
SSLVerifyDepth       5
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLOptions           +FakeBasicAuth
SSLRequireSSL
AuthName             "Snake Oil Authentication"
AuthType             Basic
AuthUserFile         /usr/local/apache/conf/httpd.passwd
require              valid-user
</Directory>

Howto: http://eregie.premier-ministre.gouv.fr/manual/mod/mod_ssl/ssl_howto.html

+1
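
An added example (not taken from either answer or from the mod_ssl howto) showing how the client-certificate directives above could be applied to the question's setup on Apache 2.4. It assumes mod_ssl, mod_headers, mod_proxy and mod_proxy_http are loaded; the hostnames, file paths, backend port, header name and the O= value are placeholders.

```apache
# Public site: open to everyone, but /admin is never served from here.
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/www.example.test.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.test.key

    # Strip any client-supplied copy of the header the admin vhost sets,
    # so the Rails app can never see a forged certificate subject.
    RequestHeader unset X-SSL-Client-S-DN

    <Location /admin>
        Require all denied
    </Location>

    ProxyPass        / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

# Admin site: a request without a certificate issued by the private
# admin CA is rejected by Apache and never reaches Rails.
<VirtualHost *:443>
    ServerName admin.example.test
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/admin.example.test.crt
    SSLCertificateKeyFile /etc/apache2/ssl/admin.example.test.key

    # Trust only the private CA that issues admin certificates,
    # not the system CA bundle.
    SSLCACertificateFile /etc/apache2/ssl/admin-ca.crt
    SSLVerifyClient      require
    SSLVerifyDepth       1

    # Optional second check on the verified certificate's subject.
    <Location />
        Require expr "%{SSL_CLIENT_S_DN_O} == 'Example Admins'"
    </Location>

    # Hand the verified subject DN to Rails for audit logging.
    # "set" overwrites any value the client sent under the same name.
    RequestHeader set X-SSL-Client-S-DN "%{SSL_CLIENT_S_DN}s"

    ProxyPass        / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>
```

The Rails backend should listen only on the loopback address so that the two virtual hosts are the only path to it.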

Source: https://habr.com/ru/post/1708933/

