accessing the web2py admin interface via wsgi

About

Asked 11/10, 2012 at 1:15 Answered 11/10, 2012 at 1:42

The administrative interface, admin, is only accessible from localhost unless you run web2py behind Apache with mod_proxy. If admin detects a proxy, the session cookie is set to secure and admin login does not work unless the communication between the client and the proxy goes over HTTPS; this is a security measure. All communications between the client and admin must always be local or encrypted; otherwise an attacker would be able to perform a man-in-the middle attack or a replay attack and execute arbitrary code on the server.

However, I'm wondering if this means that using web2py via WSGI means I wont be able to get to the admin interface remotely.

Favourite answered 11/10, 2012 at 1:15 Comment(0)

Here's what you'll see if you try to access the administrative interface over HTTP:

Forbidden

You don't have permission to access /admin/default/index on this server.

Apache/2.2.22 (Ubuntu) Server at yourserver.com Port 80

Just navigate to same page using HTTPS to access the administrative interface remotely.

https://yourserver.com/admin/default/index

Agraphia answered 11/10, 2012 at 1:42 Comment(2)

What you are saying about http access to admin interface via WSGI is right. But about https, I get "unable to establish connection" ... here is my config file - paste.kde.org/566648 – Favourite 11/10, 2012 at 9:20

It seems like you're denying access to the administrative interface in this line. Have you tried commenting it out or removing it? <LocationMatch ^/([^/]+)/appadmin> Deny from all </LocationMatch> – Agraphia 11/10, 2012 at 22:32

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags