Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
hosting installation
04-15-2015, 08:38 PM,
#1
hosting installation
Hello All,

I successfully installed the app on my hosting server. I have few questions:

1- How do you make sure when users enter the webaddress where the app is installed, it actually load the login screen rather than a directory?

for example: www.mydomainname.com it should load the weberp login screen

2- What is the best way to secure the site? https? Any suggestions?

regards,
Joe
Reply
04-16-2015, 12:03 AM,
#2
RE: hosting installation
I recommend a few items.
1) Use https. There is a parameter in the config to require https and it won't let you login without it.
2) We use Web Server authentication as a first step (before individual application logins). This at least prevents brute force attempts on the webERP login screen
3) you can use .htaccess to redirect when necessary if the correct address isn't entered but my install defaults to the login screen when entering the directory
Reply
04-16-2015, 01:56 AM,
#3
RE: hosting installation
Thanks Agaluski!

Will give a try.

1- Do i need to by an SSl certificate from my host to us https?
2- Would you have any .htaccess sample that i could use?
3- Could you elaborate on Web Server authentication?

Thanks,
Joe

(04-16-2015, 12:03 AM)agaluski Wrote: I recommend a few items.
1) Use https. There is a parameter in the config to require https and it won't let you login without it.
2) We use Web Server authentication as a first step (before individual application logins). This at least prevents brute force attempts on the webERP login screen
3) you can use .htaccess to redirect when necessary if the correct address isn't entered but my install defaults to the login screen when entering the directory

Reply
04-16-2015, 03:51 AM,
#4
RE: hosting installation
Yes, An SSL certificate is required to use https. Your hosting company can help you with that.
What web server are you using (Apache, IIS, Other).
If you include your hosting company and or Control Panel type may be able to help you find where to setup the authentication
Reply
04-16-2015, 05:53 AM,
#5
RE: hosting installation
As you only need encryption not identification you can use a self signed certificate (if your hosting company allows it).

Tim
Reply
04-17-2015, 07:21 PM,
#6
RE: hosting installation
Hi Agaluski,

I can get an SSl certificate from my hosting. No issue. They will help to setup.
I believe we are on Apache...
I tried to send you an email from your profile, but was not authorized. Is it possible to send you the info on private email?

Thanks
Reply
04-17-2015, 10:58 PM,
#7
RE: hosting installation
Hosting plan should be able to help with .htaccess as well. Here are some basics.

http://www.apacheweek.com/features/userauth
See this link (Especially examples and security considerations (Where to keep password file):
http://httpd.apache.org/docs/2.2/programs/htpasswd.html

Setup users/passwords
create (if not existing) or update .htaccess file in the directory you wish to protect <www.something.com/weberp>

AuthName "Private Area Access Only"
AuthUserFile "<pathtoyourhtpasswdfile>/passwd"
AuthType Basic
require valid-user
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)