Hi,

I was able to solve my problem by using Peter's suggestion for a proxy
server with authentication combined with these two iptables rules:

iptables -A OUTPUT -p tcp --dport <port of the reports server> -s localhost -d localhost --match owner --uid-owner <uid of the proxy> -j ACCEPT

iptables -A OUTPUT -p tcp --dport <port of the reports server> -s localhost -d localhost -j DROP

These rules prevent direct local access to the webserver so that even
locally the access is only possible via the proxy, where authentication
is necessary. Note that these rules don't block network access; for that
you would need to extend the rules or use a separate firewall.

Best regards,
Timo

On 03/27/2017 01:39 PM, Peter Briggs wrote:
> Hello Timo
> 
> For our production setups I've used the htpasswd mechanism as a simple
> way to protect the reports from unauthorised access. The details for
> doing this using nginx are part of the write up here:
> 
> http://galacticengineer.blogspot.co.uk/2015/06/exposing-galaxy-reports-via-nginx-in.html
> 
> 
> HTH
> 
> Best wishes
> 
> Peter
> 
> On 27/03/17 12:29, Timo Janßen wrote:
>> Hi,
>>
>> is it possible to implement some kind of login for the usage reports
>> webapp, so that only admins can see the website? In our current setup
>> the tool is running on a server with many other users so that anyone who
>> knows the port can open the website and see potentially sensitive data.
>>
>> Best regards,
>> Timo
>>
>>
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>   https://lists.galaxyproject.org/
>>
>> To search Galaxy mailing lists use the unified search at:
>>   http://galaxyproject.org/search/
>>
> 

-- 
------------------------------------------------------------------------
Timo Janßen
Research assistant
Working group "Application and Information Systems"
Tel.: +49(0)551/201-1791
E-Mail: timo.jans...@gwdg.de
------------------------------------------------------------------------
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
(GWDG)
Am Faßberg 11, 37077 Göttingen, URL: http://www.gwdg.de
Tel.: +49 551 201-1510, Fax: +49 551 201-2150, E-Mail: g...@gwdg.de
Service-Hotline: Tel.: +49 551 201-1523, E-Mail: supp...@gwdg.de

Managing Director: Prof. Dr. Ramin Yahyapour
Chairman of the Supervisory Board: Prof. Dr. Norbert Lassau
Registered office: Göttingen
Register court: Göttingen, Commercial Register No. B 598
------------------------------------------------------------------------
Certified according to ISO 9001
------------------------------------------------------------------------
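
Added example, not part of the original message: iptables acts on the first matching rule in a chain, so the ACCEPT rule for the proxy's uid has to sit before the DROP rule, and the sketch below checks that ordering by evaluating `iptables -S OUTPUT` output for a given uid and port. The rule text is constructed sample input; port 9001 and uid 998 are assumed placeholders for the reports server port and the proxy's uid.

```python
import ipaddress
import shlex

# Constructed `iptables -S OUTPUT` output. Port 9001 and uid 998 are assumed
# placeholders for the reports server port and the proxy's uid.
ACCEPT_RULE = ("-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp "
               "--dport 9001 -m owner --uid-owner 998 -j ACCEPT")
DROP_RULE = ("-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp "
             "--dport 9001 -j DROP")
GOOD = "\n".join(["-P OUTPUT ACCEPT", ACCEPT_RULE, DROP_RULE])
SWAPPED = "\n".join(["-P OUTPUT ACCEPT", DROP_RULE, ACCEPT_RULE])
LOOPBACK = ipaddress.ip_address("127.0.0.1")


def rule_matches(opts, uid, dport):
    """True if a TCP connection 127.0.0.1 -> 127.0.0.1:dport made by uid matches."""
    for key, value in opts:
        if key in ("-s", "-d"):
            ok = LOOPBACK in ipaddress.ip_network(value, strict=False)
        elif key == "-p":
            ok = value in ("tcp", "all")
        elif key == "--dport":
            ok = int(value) == dport
        elif key == "--uid-owner":
            ok = int(value) == uid
        elif key in ("-m", "-j", "--reject-with"):
            ok = True
        else:  # any other match needs a manual look
            raise ValueError(f"unsupported option {key!r}")
        if not ok:
            return False
    return True


def verdict(rules_text, uid, dport):
    """Evaluate the OUTPUT chain top to bottom; the first terminating match wins."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if "!" in tok:
            raise ValueError("negated match, review manually")
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "OUTPUT"]:
            opts = list(zip(tok[2::2], tok[3::2]))
            target = dict(opts).get("-j")
            if target in ("ACCEPT", "DROP", "REJECT") and rule_matches(opts, uid, dport):
                return target
    return policy  # nothing matched: the chain policy applies
```

On a live host the input would be the output of `iptables -S OUTPUT` run as root; `iptables` covers IPv4 only, so a server that also listens on `::1` needs equivalent `ip6tables` rules.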
