How to secure Policyd web access
Results 1 to 6 of 6

Thread: How to secure Policyd web access

  1. #1
    Active Member
    Join Date
    Feb 2012
    Posts
    3

    How to secure Policyd web access

    Dear Experts,

    I am using Zimbra's 7.1.4 ZCS. To enable cbpolicyd within Zimbra, I followed steps mentioned in your http://forums.zextras.com/zimbra-how...a-7-1-1-a.html.....

    These steps helped me a lot. But securing its web-access via cluebringer-httpd.conf file is not correct ,

    Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/
    <Directory /opt/zimbra/cbpolicyd/share/webui/>
    # Comment out the following 3 lines to make web ui accessible from anywhere
    Order Deny,Allow
    Deny from all
    Allow from 10.16.1.0/255.255.255.0
    </Directory>
    I can access policyd Server via http://yourzimbraserver:7780/webui/index.php from anywhere rather than http://yourzimbraserver:7780/cluebringer/index.php

    Can you please help and guide the procedure to secure cbpolicyd web-access via IP subnet or via htpasswd method.

    Regards
    Bjron Mork

  2. #2
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,363
    Hello bjron,
    welcome to the forums!

    Let me get this straight... Can you access http://yourzimbraserver:7780/cluebringer/index.php only from the right IPs and http://yourzimbraserver:7780/webui/index.php from everywhere?


    Have a nice day,
    Cine

  3. #3
    Active Member
    Join Date
    Feb 2012
    Posts
    3
    Hi Cine,
    Thanks for your reply.


    I can access policyd Server via http://yourzimbraserver:7780/webui/index.php from anywhere..

    And I cannot access http://yourzimbraserver:7780/cluebringer/index.php from anywhere...in fact i get this reply.

    Not Found
    The requested URL /cluebringer/index.php was not found on this server.
    Apache/2.2.21 (Unix) PHP/5.3.6 Server at 10.16.1.1 Port 7780
    Is this file placement issue? Please suggest.

    Regards
    B~Mork.

  4. #4
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,363
    Hello Bjron,

    I checked the guide and looks like it needs to be updated, I'm reworking it right now... Stay tuned!


    Have a nice day,
    Cine

  5. #5
    Active Member
    Join Date
    Feb 2012
    Posts
    3
    Thanks Cine.. I have sorted the issue. Here are steps I followed....


    Step 1

    First go to webui directy (that is symbolic linked with /opt/zimbra/httpd/htdoc/share/webui)

    cd /opt/zimbra/cbpolicyd-2.0.10/share/webui/
    Step 2

    Create htaccess file
    touch .htaccess
    vi .htaccess
    and add below lines
    AuthUserFile /opt/zimbra/cbpolicyd-2.0.10/share/webui/.htpasswd
    AuthGroupFile /dev/null
    AuthName "User and Password"
    AuthType Basic

    <LIMIT GET>
    require valid-user
    </LIMIT>
    Step 3:
    touch .htpasswd
    and issue below command to add user and passwod

    htpasswd -c .htpasswd cbpadmin
    This process will ask password for cbpadmin user.

    Step 4

    Edit apache config file

    vi /opt/zimbra/conf/httpd.conf
    And add below lines

    Alias /webui /opt/zimbra/cbpolicyd-2.0.10/share/webui/
    <Directory /opt/zimbra/cbpolicyd-2.0.10/share/webui/>
    # Comment out the following 3 lines to make web ui accessible from anywhere
    AllowOverride AuthConfig
    Order Deny,Allow
    Allow from all
    </Directory>
    And finally restart apache server from root

    su - zimbra -c "cbpolicdctl restart"
    And enjoy...

  6. #6
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,363
    Hello Bjorn,

    thanks for the suggestion!

    I corrected the guide added a step that went missing (probably during an edit)...
    After copying the cluebringer-policyd.conf you must edit /opt/zimbra/conf/httpd.conf and add "Include /opt/zimbra/conf/cluebringer-httpd.conf" at the end of the file...

    Also, using the second option of the guide the WebUI configuration should survive any Zimbra update (watch out, as the "cd /opt/zimbra/cbpolicyd-2.0.10/share/webui/" folder will probably be deleted by Zimbra's upgrade procedure, so you might loose your config..)

    Enjoy!

    Cine

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •