通过访问该WSGI的web2py管理界面 [英] accessing the web2py admin interface via wsgi
问题描述
借助的web2py书状态
管理界面,管理员,是从本地主机才可访问
除非你运行web2py的身后跟Apache的mod_proxy。如果管理员检测
代理,会话cookie设置为安全和管理登录不
工作,除非客户端与代理之间的通信都要
通过HTTPS;这是一种安全措施。在之间的所有通信
客户端和管理必须是本地或加密;否则
攻击者能够执行一个人在中间的攻击或
重放攻击,并在服务器上执行任意code。
The administrative interface, admin, is only accessible from localhost unless you run web2py behind Apache with mod_proxy. If admin detects a proxy, the session cookie is set to secure and admin login does not work unless the communication between the client and the proxy goes over HTTPS; this is a security measure. All communications between the client and admin must always be local or encrypted; otherwise an attacker would be able to perform a man-in-the middle attack or a replay attack and execute arbitrary code on the server.
不过,我想知道,如果这意味着使用的web2py通过WSGI意味着我将无法得到管理界面远程操作。
However, I'm wondering if this means that using web2py via WSGI means I wont be able to get to the admin interface remotely.
推荐答案
下面是你会看到什么,如果你试图通过HTTP访问管理界面:
Here's what you'll see if you try to access the administrative interface over HTTP:
Forbidden
You don't have permission to access /admin/default/index on this server.
Apache/2.2.22 (Ubuntu) Server at yourserver.com Port 80
只需使用HTTPS远程访问管理界面导航到同一个页面。
Just navigate to same page using HTTPS to access the administrative interface remotely.
https://yourserver.com/admin/default/index
这篇关于通过访问该WSGI的web2py管理界面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!