Closed
Bug 758238
Opened 12 years ago
Closed 12 years ago
Only allow VPN access to django admin on webpagemaker site
Categories
(Infrastructure & Operations Graveyard :: WebOps: Other, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: avarma, Assigned: jd)
cturra, in the dev/stage/prod deployments of webpagemaker, we'd like to enforce VPN-only access to anything under the '/admin/' path of the app, in keeping with the secure coding guidelines [1]. Can you do this for us?

[1] https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Admin_Login_Pages
Comment 1•12 years ago
look at firefoxflicks allow setup as an example
Assignee: server-ops → jcrowe
Reporter
Comment 2•12 years ago
Corey, are you asking me to look at flicks allow setup, or are you asking an ops person to look at something? Let me know if there's anything I should do on my end... Thanks!
Assignee
Comment 3•12 years ago
Atul, This was a note for IT. I do need to ask you a question however. Typically we only put prod behind the ssl vpn and then we put dev and stage behind Apache auth. This is generally sufficient as there is not supposed to be any sensitive data on dev or stage. I intend to set this up in this manner unless you have a reason not to. Please let me know. Regards
Reporter
Comment 4•12 years ago
Sure, that sounds great Jason! Just let me know what you set the apache auth to, since we don't currently have apache auth set up on dev and stage.
Assignee
Comment 5•12 years ago
(In reply to Atul Varma [:atul] from comment #0)
> cturra, in the dev/stage/prod deployments of webpagemaker, we'd like to
> enforce VPN-only access to anything under the '/admin/' path of the app, in
> keeping with the secure coding guidelines [1]. Can you do this for us?
>
> [1]
> https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Admin_Login_Pages

I will need the url for the production site. It is not clear from the configs I have been digging through and I don't want to set this up on the incorrect site. Thanks
Status: NEW → ASSIGNED
Comment 6•12 years ago
Production site will be thimble.webmaker.org
Assignee
Comment 7•12 years ago
I see. I am unable to resolve this in DNS; I guess you are aware of that. I will set up a DNS entry for thimble-admin.webmaker.org FYI. This will not be accessible from off VPN, but something is necessary for the VPN app to look up against and the Apache vhost to match against. I mention this as the DNS name will not be available for other use. I will set this up in the morning unless I hear any objection to the name. Regards
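The split described in comments 3 and 7 (production admin reachable only from the VPN on its own hostname, dev and stage admin behind Apache auth) could look like the following in Apache 2.4 syntax. This is an added illustration, not the configuration deployed for this bug; the VPN source range `192.0.2.0/24`, the hostname `dev.example.org`, the htpasswd path, and the choice to deny the admin path on the public production name are all assumptions.

```apache
# Added illustration; not the configuration used for this bug.
# TLS and application (WSGI/proxy) directives are omitted for brevity.
# Placeholders: 192.0.2.0/24 (VPN source range), dev.example.org,
# and the AuthUserFile path.

# Production, public name: the admin path is never served here.
# <Location "/admin"> covers /admin, /admin/ and everything beneath it,
# so the slash-less form cannot slip past the rule.
<VirtualHost *:443>
    ServerName thimble.webmaker.org
    <Location "/admin">
        Require all denied
    </Location>
</VirtualHost>

# Production, admin name: the vhost the VPN resolves and matches against.
# Only requests arriving from the VPN source range are authorized.
<VirtualHost *:443>
    ServerName thimble-admin.webmaker.org
    <Location "/">
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>

# Dev (stage follows the same pattern): HTTP Basic auth in front of
# the admin path, checked before the request reaches Django.
<VirtualHost *:443>
    ServerName dev.example.org
    <Location "/admin">
        AuthType Basic
        AuthName "webpagemaker admin (dev)"
        AuthBasicProvider file
        AuthUserFile "/etc/httpd/htpasswd-webpagemaker-dev"
        Require valid-user
    </Location>
</VirtualHost>
```

Basic auth sends the password on every request, so the dev and stage vhosts should only answer over TLS. The Apache credential is a gate in front of Django's own admin login, not a replacement for it.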
Comment 8•12 years ago
Hmm. I don't care about the name, your choice is fine. I'm a bit concerned that having admin on a different domain than prod may not be compatible w/ BrowserID sign-in, but maybe I'm totally off base. I guess we'll find out tomorrow =).
Assignee
Comment 9•12 years ago
This is finished. Let me know how you want me to give you the Apache auth password for dev and stage; prod is working through VPN. Regards
Reporter
Comment 10•12 years ago
Thanks Jason, can you just email the apache auth passwords?
Assignee
Comment 11•12 years ago
Sent. Let me know if you need anything further.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter
Comment 12•12 years ago
Thanks Jason! Er, just one more thing... we don't actually have any django admin *users* on dev or staging yet, in part because we don't actually support any kind of login for normal users yet. Would it be possible for you to create admin users for both instances (using "manage.py createsuperuser") with the same credentials that you emailed me? Or should I file a new bug for that?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter
Comment 13•12 years ago
Actually, for that matter, can you also create a superuser with the same username and password on the production instance, too?
Assignee
Comment 14•12 years ago
Atul, I have created the users as you requested. All 3 are breaking with the CSRF token error. I enabled debugging on the dev instance to aid in troubleshooting the problem. Additionally, I added the SITE_URL variable to the settings on dev. I could not remember if this was part of the issue, but it did not fix it, so I guess not. Please let me know if you need any further action from me. Regards
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Updated•11 years ago
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Updated•5 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard