Re: [Neo4j] Blocking access to the Neo4j web admin interface
Thanks, on it! Will add a setting in the config files, too. Cheers, /peter neubauer GTalk: neubauer.peter Skype peter.neubauer Phone +46 704 106975 LinkedIn http://www.linkedin.com/in/neubauer Twitter http://twitter.com/peterneubauer http://www.neo4j.org - Your high performance graph database. http://startupbootcamp.org/ - Öresund - Innovation happens HERE. http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. On Fri, Sep 9, 2011 at 12:48 AM, Linan Wang wrote: > done. > https://github.com/neo4j/community/pull/16 > > On Thu, Sep 8, 2011 at 11:21 PM, Michael Hunger > wrote: >> Linan, >> >> your diff didn't make it could you just issue an pull request for that. >> >> And Peter should get you sign a CLA btw. >> >> Cheers >> >> Michael >> >> Am 08.09.2011 um 18:33 schrieb Linan Wang: >> >>> tested the idea, it doesn't work. so i made simple changes to the >>> server code and diff is attached. >>> to change the binding ip of the webserver: add following line to >>> conf/neo4j-server.properties: >>> org.neo4j.server.webserver.address=127.0.0.1 >>> >>> On Thu, Sep 8, 2011 at 2:55 PM, Peter Neubauer >>> wrote: That sounds good. Could you try it and report back? Would love to add it to the manual and as a setting. Cheers, /peter neubauer GTalk: neubauer.peter Skype peter.neubauer Phone +46 704 106975 LinkedIn http://www.linkedin.com/in/neubauer Twitter http://twitter.com/peterneubauer http://www.neo4j.org - Your high performance graph database. http://startupbootcamp.org/ - Öresund - Innovation happens HERE. http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang wrote: > since neo4j just uses jetty, i think the simple solution would be add > option in neo4j shell script: > -Djetty.host=127.0.0.1 to make it only listen to local request. then > use ssh tunnel to expose service to designated machines. > > On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer > wrote: >> Hi there, >> you can block access to it by blocking the access to the URL >> (localhost:.../webadmin) and even /db/manage. That requires probably >> to set up apache and mod_proxy in front of the Neo4j server, but I >> think that is a good idea in production scenarios anyway. >> >> http://docs.neo4j.org/chunked/snapshot/operations-security.html >> >> Cheers, >> >> /peter neubauer >> >> GTalk: neubauer.peter >> Skype peter.neubauer >> Phone +46 704 106975 >> LinkedIn http://www.linkedin.com/in/neubauer >> Twitter http://twitter.com/peterneubauer >> >> http://www.neo4j.org - Your high performance graph >> database. >> http://startupbootcamp.org/ - Öresund - Innovation happens HERE. >> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >> >> >> >> On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: >>> I'm making use of the Neo4j REST API to power a website and was >>> wondering if >>> there was any way to block access to the web admin interface. Currently >>> the >>> DB is in read-only mode but the web admin panel is accessibly by anyone >>> who >>> can stumble upon the URL. >>> >>> -- >>> View this message in context: >>> http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html >>> Sent from the Neo4j Community Discussions mailing list archive at >>> Nabble.com. >>> ___ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > > > > -- > Best regards > > Linan Wang > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user >>> >>> >>> >>> -- >>> Best regards >>> >>> Linan Wang >>> ___ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >> >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > > > > -- > Best regards > > Linan Wang > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.ne
Re: [Neo4j] Blocking access to the Neo4j web admin interface
done. https://github.com/neo4j/community/pull/16 On Thu, Sep 8, 2011 at 11:21 PM, Michael Hunger wrote: > Linan, > > your diff didn't make it could you just issue an pull request for that. > > And Peter should get you sign a CLA btw. > > Cheers > > Michael > > Am 08.09.2011 um 18:33 schrieb Linan Wang: > >> tested the idea, it doesn't work. so i made simple changes to the >> server code and diff is attached. >> to change the binding ip of the webserver: add following line to >> conf/neo4j-server.properties: >> org.neo4j.server.webserver.address=127.0.0.1 >> >> On Thu, Sep 8, 2011 at 2:55 PM, Peter Neubauer >> wrote: >>> That sounds good. Could you try it and report back? Would love to add >>> it to the manual and as a setting. >>> >>> Cheers, >>> >>> /peter neubauer >>> >>> GTalk: neubauer.peter >>> Skype peter.neubauer >>> Phone +46 704 106975 >>> LinkedIn http://www.linkedin.com/in/neubauer >>> Twitter http://twitter.com/peterneubauer >>> >>> http://www.neo4j.org - Your high performance graph database. >>> http://startupbootcamp.org/ - Öresund - Innovation happens HERE. >>> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >>> >>> >>> >>> On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang wrote: since neo4j just uses jetty, i think the simple solution would be add option in neo4j shell script: -Djetty.host=127.0.0.1 to make it only listen to local request. then use ssh tunnel to expose service to designated machines. On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer wrote: > Hi there, > you can block access to it by blocking the access to the URL > (localhost:.../webadmin) and even /db/manage. That requires probably > to set up apache and mod_proxy in front of the Neo4j server, but I > think that is a good idea in production scenarios anyway. > > http://docs.neo4j.org/chunked/snapshot/operations-security.html > > Cheers, > > /peter neubauer > > GTalk: neubauer.peter > Skype peter.neubauer > Phone +46 704 106975 > LinkedIn http://www.linkedin.com/in/neubauer > Twitter http://twitter.com/peterneubauer > > http://www.neo4j.org - Your high performance graph database. > http://startupbootcamp.org/ - Öresund - Innovation happens HERE. > http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. > > > > On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: >> I'm making use of the Neo4j REST API to power a website and was >> wondering if >> there was any way to block access to the web admin interface. Currently >> the >> DB is in read-only mode but the web admin panel is accessibly by anyone >> who >> can stumble upon the URL. >> >> -- >> View this message in context: >> http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html >> Sent from the Neo4j Community Discussions mailing list archive at >> Nabble.com. >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > -- Best regards Linan Wang ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user >>> ___ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> >> >> >> -- >> Best regards >> >> Linan Wang >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user > > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > -- Best regards Linan Wang ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
Re: [Neo4j] Blocking access to the Neo4j web admin interface
Linan, your diff didn't make it could you just issue an pull request for that. And Peter should get you sign a CLA btw. Cheers Michael Am 08.09.2011 um 18:33 schrieb Linan Wang: > tested the idea, it doesn't work. so i made simple changes to the > server code and diff is attached. > to change the binding ip of the webserver: add following line to > conf/neo4j-server.properties: > org.neo4j.server.webserver.address=127.0.0.1 > > On Thu, Sep 8, 2011 at 2:55 PM, Peter Neubauer > wrote: >> That sounds good. Could you try it and report back? Would love to add >> it to the manual and as a setting. >> >> Cheers, >> >> /peter neubauer >> >> GTalk: neubauer.peter >> Skype peter.neubauer >> Phone +46 704 106975 >> LinkedIn http://www.linkedin.com/in/neubauer >> Twitter http://twitter.com/peterneubauer >> >> http://www.neo4j.org - Your high performance graph database. >> http://startupbootcamp.org/- Öresund - Innovation happens HERE. >> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >> >> >> >> On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang wrote: >>> since neo4j just uses jetty, i think the simple solution would be add >>> option in neo4j shell script: >>> -Djetty.host=127.0.0.1 to make it only listen to local request. then >>> use ssh tunnel to expose service to designated machines. >>> >>> On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer >>> wrote: Hi there, you can block access to it by blocking the access to the URL (localhost:.../webadmin) and even /db/manage. That requires probably to set up apache and mod_proxy in front of the Neo4j server, but I think that is a good idea in production scenarios anyway. http://docs.neo4j.org/chunked/snapshot/operations-security.html Cheers, /peter neubauer GTalk: neubauer.peter Skype peter.neubauer Phone +46 704 106975 LinkedIn http://www.linkedin.com/in/neubauer Twitter http://twitter.com/peterneubauer http://www.neo4j.org - Your high performance graph database. http://startupbootcamp.org/- Öresund - Innovation happens HERE. http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: > I'm making use of the Neo4j REST API to power a website and was wondering > if > there was any way to block access to the web admin interface. Currently > the > DB is in read-only mode but the web admin panel is accessibly by anyone > who > can stumble upon the URL. > > -- > View this message in context: > http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html > Sent from the Neo4j Community Discussions mailing list archive at > Nabble.com. > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user >>> >>> >>> >>> -- >>> Best regards >>> >>> Linan Wang >>> ___ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > > > > -- > Best regards > > Linan Wang > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
Re: [Neo4j] Blocking access to the Neo4j web admin interface
tested the idea, it doesn't work. so i made simple changes to the server code and diff is attached. to change the binding ip of the webserver: add following line to conf/neo4j-server.properties: org.neo4j.server.webserver.address=127.0.0.1 On Thu, Sep 8, 2011 at 2:55 PM, Peter Neubauer wrote: > That sounds good. Could you try it and report back? Would love to add > it to the manual and as a setting. > > Cheers, > > /peter neubauer > > GTalk: neubauer.peter > Skype peter.neubauer > Phone +46 704 106975 > LinkedIn http://www.linkedin.com/in/neubauer > Twitter http://twitter.com/peterneubauer > > http://www.neo4j.org - Your high performance graph database. > http://startupbootcamp.org/ - Öresund - Innovation happens HERE. > http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. > > > > On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang wrote: >> since neo4j just uses jetty, i think the simple solution would be add >> option in neo4j shell script: >> -Djetty.host=127.0.0.1 to make it only listen to local request. then >> use ssh tunnel to expose service to designated machines. >> >> On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer >> wrote: >>> Hi there, >>> you can block access to it by blocking the access to the URL >>> (localhost:.../webadmin) and even /db/manage. That requires probably >>> to set up apache and mod_proxy in front of the Neo4j server, but I >>> think that is a good idea in production scenarios anyway. >>> >>> http://docs.neo4j.org/chunked/snapshot/operations-security.html >>> >>> Cheers, >>> >>> /peter neubauer >>> >>> GTalk: neubauer.peter >>> Skype peter.neubauer >>> Phone +46 704 106975 >>> LinkedIn http://www.linkedin.com/in/neubauer >>> Twitter http://twitter.com/peterneubauer >>> >>> http://www.neo4j.org - Your high performance graph database. >>> http://startupbootcamp.org/ - Öresund - Innovation happens HERE. >>> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >>> >>> >>> >>> On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: I'm making use of the Neo4j REST API to power a website and was wondering if there was any way to block access to the web admin interface. Currently the DB is in read-only mode but the web admin panel is accessibly by anyone who can stumble upon the URL. -- View this message in context: http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html Sent from the Neo4j Community Discussions mailing list archive at Nabble.com. ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user >>> ___ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> >> >> >> -- >> Best regards >> >> Linan Wang >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > -- Best regards Linan Wang ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
Re: [Neo4j] Blocking access to the Neo4j web admin interface
That sounds good. Could you try it and report back? Would love to add it to the manual and as a setting. Cheers, /peter neubauer GTalk: neubauer.peter Skype peter.neubauer Phone +46 704 106975 LinkedIn http://www.linkedin.com/in/neubauer Twitter http://twitter.com/peterneubauer http://www.neo4j.org - Your high performance graph database. http://startupbootcamp.org/ - Öresund - Innovation happens HERE. http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang wrote: > since neo4j just uses jetty, i think the simple solution would be add > option in neo4j shell script: > -Djetty.host=127.0.0.1 to make it only listen to local request. then > use ssh tunnel to expose service to designated machines. > > On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer > wrote: >> Hi there, >> you can block access to it by blocking the access to the URL >> (localhost:.../webadmin) and even /db/manage. That requires probably >> to set up apache and mod_proxy in front of the Neo4j server, but I >> think that is a good idea in production scenarios anyway. >> >> http://docs.neo4j.org/chunked/snapshot/operations-security.html >> >> Cheers, >> >> /peter neubauer >> >> GTalk: neubauer.peter >> Skype peter.neubauer >> Phone +46 704 106975 >> LinkedIn http://www.linkedin.com/in/neubauer >> Twitter http://twitter.com/peterneubauer >> >> http://www.neo4j.org - Your high performance graph database. >> http://startupbootcamp.org/ - Öresund - Innovation happens HERE. >> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >> >> >> >> On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: >>> I'm making use of the Neo4j REST API to power a website and was wondering if >>> there was any way to block access to the web admin interface. Currently the >>> DB is in read-only mode but the web admin panel is accessibly by anyone who >>> can stumble upon the URL. >>> >>> -- >>> View this message in context: >>> http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html >>> Sent from the Neo4j Community Discussions mailing list archive at >>> Nabble.com. >>> ___ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > > > > -- > Best regards > > Linan Wang > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
Re: [Neo4j] Blocking access to the Neo4j web admin interface
since neo4j just uses jetty, i think the simple solution would be add option in neo4j shell script: -Djetty.host=127.0.0.1 to make it only listen to local request. then use ssh tunnel to expose service to designated machines. On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer wrote: > Hi there, > you can block access to it by blocking the access to the URL > (localhost:.../webadmin) and even /db/manage. That requires probably > to set up apache and mod_proxy in front of the Neo4j server, but I > think that is a good idea in production scenarios anyway. > > http://docs.neo4j.org/chunked/snapshot/operations-security.html > > Cheers, > > /peter neubauer > > GTalk: neubauer.peter > Skype peter.neubauer > Phone +46 704 106975 > LinkedIn http://www.linkedin.com/in/neubauer > Twitter http://twitter.com/peterneubauer > > http://www.neo4j.org - Your high performance graph database. > http://startupbootcamp.org/ - Öresund - Innovation happens HERE. > http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. > > > > On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: >> I'm making use of the Neo4j REST API to power a website and was wondering if >> there was any way to block access to the web admin interface. Currently the >> DB is in read-only mode but the web admin panel is accessibly by anyone who >> can stumble upon the URL. >> >> -- >> View this message in context: >> http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html >> Sent from the Neo4j Community Discussions mailing list archive at Nabble.com. >> ___ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > -- Best regards Linan Wang ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
Re: [Neo4j] Blocking access to the Neo4j web admin interface
Hi there, you can block access to it by blocking the access to the URL (localhost:.../webadmin) and even /db/manage. That requires probably to set up apache and mod_proxy in front of the Neo4j server, but I think that is a good idea in production scenarios anyway. http://docs.neo4j.org/chunked/snapshot/operations-security.html Cheers, /peter neubauer GTalk: neubauer.peter Skype peter.neubauer Phone +46 704 106975 LinkedIn http://www.linkedin.com/in/neubauer Twitter http://twitter.com/peterneubauer http://www.neo4j.org - Your high performance graph database. http://startupbootcamp.org/ - Öresund - Innovation happens HERE. http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. On Thu, Sep 8, 2011 at 3:08 PM, carze wrote: > I'm making use of the Neo4j REST API to power a website and was wondering if > there was any way to block access to the web admin interface. Currently the > DB is in read-only mode but the web admin panel is accessibly by anyone who > can stumble upon the URL. > > -- > View this message in context: > http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html > Sent from the Neo4j Community Discussions mailing list archive at Nabble.com. > ___ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > ___ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user