eZ Community » Forums » eZ Platform » Prevent logged in user to access /ez...
expandshrink

Prevent logged in user to access /ez (backend)

Prevent logged in user to access /ez (backend)

Wednesday 06 September 2017 12:13:52 pm - 3 replies

I have a user role that requires login, and that should only be able to view the frontend of my application.

But it seems that the user has access to the backend via /ez. He can not delete, create or modify anything, but still he has access to read the entire content tree.

The only policy for this user besides acces to login is:

content read Class( 2, 12, 1, 13, 19, 5, 14, 18, 17, 15 )

How can I prevent this user from accessing the /ez backend?

Thursday 07 September 2017 11:49:18 am

One way to achieve something close to what you need is to use apache rewrite rules :

RewriteCond %{HTTP_HOST} !^.*-ezplatform\.mysite\.com$
RewriteRule ^/ez - [F,NC]

In the example above, it will prevent access to the URL unless you are using an URL ending with "-ezplatform.mysite.com"

Not really "agile" but, we did not find a better way ... suspicious.gif Emoticon

Hakim

Thursday 07 September 2017 2:37:24 pm

Hi Hakin. Thank you for your response. This is just making the login url a bit more confusing, isn't it?

I won't prevent the user from getting acces as long as he know the magic URL, right?

Thursday 07 September 2017 3:29:46 pm

This is far from an ideal solution, and there may be a better way that we did not find... (if someone is still checking this forum... )

>> I won't prevent the user from getting acces as long as he know the magic URL, right?

This is true, you may also use a dedicated virtual host associated to a non-routable IP address to access the platform, and apply the rule strictly on the public site ...

There must be another way smarter and easier, maybe using the Symfony RequestListener or even easier in ezPlatform parameters but we did not find it in the doc...

Good luck,

Hakim

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from