Hi,

is it possible to implement some kind of login for the usage reports webapp, so that only admins can see the website? In our current setup the tool is running on a server with many other users so that anyone who knows the port can open the website and see potentially sensitive data.

Best regards,
Timo

--
------------------------------------------------------------------------
Timo Janßen
Research Assistant
Working Group "Application and Information Systems"
Tel.: +49(0)551/201-1791
E-Mail: timo.janssen@gwdg.de
------------------------------------------------------------------------
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen (GWDG)
Am Faßberg 11, 37077 Göttingen, URL: http://www.gwdg.de
Tel.: +49 551 201-1510, Fax: +49 551 201-2150, E-Mail: gwdg@gwdg.de
Service hotline: Tel.: +49 551 201-1523, E-Mail: support@gwdg.de
Managing Director: Prof. Dr. Ramin Yahyapour
Chairman of the Supervisory Board: Prof. Dr. Norbert Lassau
Registered office: Göttingen
Court of registration: Göttingen, Commercial Register No. B 598
------------------------------------------------------------------------
Certified according to ISO 9001
------------------------------------------------------------------------

Hello Timo

For our production setups I've used the htpasswd mechanism as a simple way to protect the reports from unauthorised access. The details for doing this using nginx are part of the write up here:

http://galacticengineer.blogspot.co.uk/2015/06/exposing-galaxy-reports-via-n...

HTH

Best wishes

Peter

On 27/03/17 12:29, Timo Janßen wrote:
> Hi,
>
> is it possible to implement some kind of login for the usage reports webapp, so that only admins can see the website? In our current setup the tool is running on a server with many other users so that anyone who knows the port can open the website and see potentially sensitive data.
>
> Best regards,
> Timo

--
Peter Briggs peter.briggs@manchester.ac.uk
Bioinformatics Core Facility
University of Manchester
B.1083 Michael Smith Bldg
Tel: (0161) 2751482

Hi,

I was able to solve my problem by using Peter's suggestion for a proxy server with authentication combined with these two iptables rules:

    iptables -A OUTPUT -p tcp --dport <port of the reports server> -s localhost -d localhost --match owner --uid-owner <uid of the proxy> -j ACCEPT
    iptables -A OUTPUT -p tcp --dport <port of the reports server> -s localhost -d localhost -j DROP

These rules prevent direct local access to the webserver so that even locally the access is only possible via the proxy, where authentication is necessary. Note that these rules don't block network access; for that you would need to extend the rules or use a separate firewall.

Best regards,
Timo

On 03/27/2017 01:39 PM, Peter Briggs wrote:
> Hello Timo
>
> For our production setups I've used the htpasswd mechanism as a simple way to protect the reports from unauthorised access. The details for doing this using nginx are part of the write up here:
>
> http://galacticengineer.blogspot.co.uk/2015/06/exposing-galaxy-reports-via-n...
>
> HTH
>
> Best wishes
>
> Peter
>
> On 27/03/17 12:29, Timo Janßen wrote:
>> Hi,
>>
>> is it possible to implement some kind of login for the usage reports webapp, so that only admins can see the website? In our current setup the tool is running on a server with many other users so that anyone who knows the port can open the website and see potentially sensitive data.
>>
>> Best regards,
>> Timo
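
Because both rules in the message above are appended with -A, they only take effect if no earlier OUTPUT rule (for example a blanket loopback ACCEPT) already matches the same traffic. The following is an added example, not part of the original thread: a conservative audit of `iptables -S OUTPUT` text. The function name, port 18080, uid 1001 and the sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S OUTPUT` text for the loopback lockdown.
# Conservative heuristic: it only looks at protocol, port, owner and target.

audit_lockdown() {  # usage: audit_lockdown PORT PROXY_UID < rules
    awk -v port="$1" -v uid="$2" '
        $1 != "-A" || $2 != "OUTPUT" || stop { next }
        {
            line = $0 " "
            # Ignore rules that cannot match TCP traffic to the reports port.
            if (line ~ / -p / && line !~ / -p tcp /) next
            if (line ~ / --dports? / && !index(line, " --dport " port " ")) next
            exact = index(line, " --dport " port " ") && index(line, " --uid-owner " uid " ")
            if (line ~ / -j ACCEPT /) {
                # Any ACCEPT other than the proxy rule wins before the DROP is reached.
                if (exact) { allowed = 1 } else { shadow = $0; stop = 1 }
            } else if (line ~ / -j (DROP|REJECT) /) {
                dropped = 1; stop = 1
            }
        }
        END {
            if (shadow != "") { print "FAIL: earlier rule lets other users through: " shadow; exit 1 }
            if (!dropped)     { print "FAIL: no DROP/REJECT reaches port " port; exit 1 }
            if (!allowed)     { print "FAIL: uid " uid " is not accepted before the DROP"; exit 1 }
            print "OK: only uid " uid " can open local connections to port " port
        }'
}

# Constructed sample: the two rules from the thread on an otherwise empty chain.
good_rules() { cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 18080 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 18080 -j DROP
EOF
}

# Constructed sample: the same rules appended after a blanket loopback ACCEPT.
shadowed_rules() { cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 18080 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 18080 -j DROP
EOF
}

good_rules | audit_lockdown 18080 1001
shadowed_rules | audit_lockdown 18080 1001 || true
```

On a live host the input would come from `iptables -S OUTPUT` run as root; the iptables rules cover IPv4 only, so a reports server that also listens on ::1 needs the same check against `ip6tables -S OUTPUT`.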