tested the idea, it doesn't work. so i made simple changes to the server code and diff is attached. to change the binding ip of the webserver: add following line to conf/neo4j-server.properties: org.neo4j.server.webserver.address=127.0.0.1
On Thu, Sep 8, 2011 at 2:55 PM, Peter Neubauer <peter.neuba...@neotechnology.com> wrote: > That sounds good. Could you try it and report back? Would love to add > it to the manual and as a setting. > > Cheers, > > /peter neubauer > > GTalk: neubauer.peter > Skype peter.neubauer > Phone +46 704 106975 > LinkedIn http://www.linkedin.com/in/neubauer > Twitter http://twitter.com/peterneubauer > > http://www.neo4j.org - Your high performance graph database. > http://startupbootcamp.org/ - Öresund - Innovation happens HERE. > http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. > > > > On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang <tali.w...@gmail.com> wrote: >> since neo4j just uses jetty, i think the simple solution would be add >> option in neo4j shell script: >> -Djetty.host=127.0.0.1 to make it only listen to local request. then >> use ssh tunnel to expose service to designated machines. >> >> On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer >> <peter.neuba...@neotechnology.com> wrote: >>> Hi there, >>> you can block access to it by blocking the access to the URL >>> (localhost:.../webadmin) and even /db/manage. That requires probably >>> to set up apache and mod_proxy in front of the Neo4j server, but I >>> think that is a good idea in production scenarios anyway. >>> >>> http://docs.neo4j.org/chunked/snapshot/operations-security.html >>> >>> Cheers, >>> >>> /peter neubauer >>> >>> GTalk: neubauer.peter >>> Skype peter.neubauer >>> Phone +46 704 106975 >>> LinkedIn http://www.linkedin.com/in/neubauer >>> Twitter http://twitter.com/peterneubauer >>> >>> http://www.neo4j.org - Your high performance graph database. >>> http://startupbootcamp.org/ - Öresund - Innovation happens HERE. >>> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >>> >>> >>> >>> On Thu, Sep 8, 2011 at 3:08 PM, carze <ca...@som.umaryland.edu> wrote: >>>> I'm making use of the Neo4j REST API to power a website and was wondering >>>> if >>>> there was any way to block access to the web admin interface. Currently the >>>> DB is in read-only mode but the web admin panel is accessibly by anyone who >>>> can stumble upon the URL. >>>> >>>> -- >>>> View this message in context: >>>> http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html >>>> Sent from the Neo4j Community Discussions mailing list archive at >>>> Nabble.com. >>>> _______________________________________________ >>>> Neo4j mailing list >>>> User@lists.neo4j.org >>>> https://lists.neo4j.org/mailman/listinfo/user >>>> >>> _______________________________________________ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> >> >> >> -- >> Best regards >> >> Linan Wang >> _______________________________________________ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > _______________________________________________ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > -- Best regards Linan Wang
_______________________________________________ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
