How to secure Policyd web access
Results 1 to 6 of 6

Thread: How to secure Policyd web access

  1. #1
    Active Member
    Join Date
    Feb 2012
    Posts
    3

    How to secure Policyd web access

    Dear Experts,

    I am using Zimbra's 7.1.4 ZCS. To enable cbpolicyd within Zimbra, I followed steps mentioned in your http://forums.zextras.com/zimbra-how...a-7-1-1-a.html.....

    These steps helped me a lot. But securing its web-access via cluebringer-httpd.conf file is not correct ,

    Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/
    <Directory /opt/zimbra/cbpolicyd/share/webui/>
    # Comment out the following 3 lines to make web ui accessible from anywhere
    Order Deny,Allow
    Deny from all
    Allow from 10.16.1.0/255.255.255.0
    </Directory>
    I can access policyd Server via http://yourzimbraserver:7780/webui/index.php from anywhere rather than http://yourzimbraserver:7780/cluebringer/index.php

    Can you please help and guide the procedure to secure cbpolicyd web-access via IP subnet or via htpasswd method.

    Regards
    Bjron Mork

  2. #2
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,342
    Hello bjron,
    welcome to the forums!

    Let me get this straight... Can you access http://yourzimbraserver:7780/cluebringer/index.php only from the right IPs and http://yourzimbraserver:7780/webui/index.php from everywhere?


    Have a nice day,
    Cine
    IT Support Team Contact Form
    Sales Team Contact Form

    ZeXtras Website
    # ZeXtras Wiki # ZeXtras Store

    Have ZeXtras Suite or ZeXtras Migration Tool been helpful to you?
    Share your experience in the Zimbra Gallery!

    ZeXtras Suite on the Zimbra Gallery
    ZeXtras Migration Tool on the Zimbra Gallery

  3. #3
    Active Member
    Join Date
    Feb 2012
    Posts
    3
    Hi Cine,
    Thanks for your reply.


    I can access policyd Server via http://yourzimbraserver:7780/webui/index.php from anywhere..

    And I cannot access http://yourzimbraserver:7780/cluebringer/index.php from anywhere...in fact i get this reply.

    Not Found
    The requested URL /cluebringer/index.php was not found on this server.
    Apache/2.2.21 (Unix) PHP/5.3.6 Server at 10.16.1.1 Port 7780
    Is this file placement issue? Please suggest.

    Regards
    B~Mork.

  4. #4
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,342
    Hello Bjron,

    I checked the guide and looks like it needs to be updated, I'm reworking it right now... Stay tuned!


    Have a nice day,
    Cine
    IT Support Team Contact Form
    Sales Team Contact Form

    ZeXtras Website
    # ZeXtras Wiki # ZeXtras Store

    Have ZeXtras Suite or ZeXtras Migration Tool been helpful to you?
    Share your experience in the Zimbra Gallery!

    ZeXtras Suite on the Zimbra Gallery
    ZeXtras Migration Tool on the Zimbra Gallery

  5. #5
    Active Member
    Join Date
    Feb 2012
    Posts
    3
    Thanks Cine.. I have sorted the issue. Here are steps I followed....


    Step 1

    First go to webui directy (that is symbolic linked with /opt/zimbra/httpd/htdoc/share/webui)

    cd /opt/zimbra/cbpolicyd-2.0.10/share/webui/
    Step 2

    Create htaccess file
    touch .htaccess
    vi .htaccess
    and add below lines
    AuthUserFile /opt/zimbra/cbpolicyd-2.0.10/share/webui/.htpasswd
    AuthGroupFile /dev/null
    AuthName "User and Password"
    AuthType Basic

    <LIMIT GET>
    require valid-user
    </LIMIT>
    Step 3:
    touch .htpasswd
    and issue below command to add user and passwod

    htpasswd -c .htpasswd cbpadmin
    This process will ask password for cbpadmin user.

    Step 4

    Edit apache config file

    vi /opt/zimbra/conf/httpd.conf
    And add below lines

    Alias /webui /opt/zimbra/cbpolicyd-2.0.10/share/webui/
    <Directory /opt/zimbra/cbpolicyd-2.0.10/share/webui/>
    # Comment out the following 3 lines to make web ui accessible from anywhere
    AllowOverride AuthConfig
    Order Deny,Allow
    Allow from all
    </Directory>
    And finally restart apache server from root

    su - zimbra -c "cbpolicdctl restart"
    And enjoy...

  6. #6
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,342
    Hello Bjorn,

    thanks for the suggestion!

    I corrected the guide added a step that went missing (probably during an edit)...
    After copying the cluebringer-policyd.conf you must edit /opt/zimbra/conf/httpd.conf and add "Include /opt/zimbra/conf/cluebringer-httpd.conf" at the end of the file...

    Also, using the second option of the guide the WebUI configuration should survive any Zimbra update (watch out, as the "cd /opt/zimbra/cbpolicyd-2.0.10/share/webui/" folder will probably be deleted by Zimbra's upgrade procedure, so you might loose your config..)

    Enjoy!

    Cine
    IT Support Team Contact Form
    Sales Team Contact Form

    ZeXtras Website
    # ZeXtras Wiki # ZeXtras Store

    Have ZeXtras Suite or ZeXtras Migration Tool been helpful to you?
    Share your experience in the Zimbra Gallery!

    ZeXtras Suite on the Zimbra Gallery
    ZeXtras Migration Tool on the Zimbra Gallery

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •