Linan, your diff didn't make it could you just issue an pull request for that.
And Peter should get you sign a CLA btw. Cheers Michael Am 08.09.2011 um 18:33 schrieb Linan Wang: > tested the idea, it doesn't work. so i made simple changes to the > server code and diff is attached. > to change the binding ip of the webserver: add following line to > conf/neo4j-server.properties: > org.neo4j.server.webserver.address=127.0.0.1 > > On Thu, Sep 8, 2011 at 2:55 PM, Peter Neubauer > <peter.neuba...@neotechnology.com> wrote: >> That sounds good. Could you try it and report back? Would love to add >> it to the manual and as a setting. >> >> Cheers, >> >> /peter neubauer >> >> GTalk: neubauer.peter >> Skype peter.neubauer >> Phone +46 704 106975 >> LinkedIn http://www.linkedin.com/in/neubauer >> Twitter http://twitter.com/peterneubauer >> >> http://www.neo4j.org - Your high performance graph database. >> http://startupbootcamp.org/ - Ă–resund - Innovation happens HERE. >> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >> >> >> >> On Thu, Sep 8, 2011 at 3:34 PM, Linan Wang <tali.w...@gmail.com> wrote: >>> since neo4j just uses jetty, i think the simple solution would be add >>> option in neo4j shell script: >>> -Djetty.host=127.0.0.1 to make it only listen to local request. then >>> use ssh tunnel to expose service to designated machines. >>> >>> On Thu, Sep 8, 2011 at 2:18 PM, Peter Neubauer >>> <peter.neuba...@neotechnology.com> wrote: >>>> Hi there, >>>> you can block access to it by blocking the access to the URL >>>> (localhost:.../webadmin) and even /db/manage. That requires probably >>>> to set up apache and mod_proxy in front of the Neo4j server, but I >>>> think that is a good idea in production scenarios anyway. >>>> >>>> http://docs.neo4j.org/chunked/snapshot/operations-security.html >>>> >>>> Cheers, >>>> >>>> /peter neubauer >>>> >>>> GTalk: neubauer.peter >>>> Skype peter.neubauer >>>> Phone +46 704 106975 >>>> LinkedIn http://www.linkedin.com/in/neubauer >>>> Twitter http://twitter.com/peterneubauer >>>> >>>> http://www.neo4j.org - Your high performance graph database. >>>> http://startupbootcamp.org/ - Ă–resund - Innovation happens HERE. >>>> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. >>>> >>>> >>>> >>>> On Thu, Sep 8, 2011 at 3:08 PM, carze <ca...@som.umaryland.edu> wrote: >>>>> I'm making use of the Neo4j REST API to power a website and was wondering >>>>> if >>>>> there was any way to block access to the web admin interface. Currently >>>>> the >>>>> DB is in read-only mode but the web admin panel is accessibly by anyone >>>>> who >>>>> can stumble upon the URL. >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://neo4j-community-discussions.438527.n3.nabble.com/Blocking-access-to-the-Neo4j-web-admin-interface-tp3319626p3319626.html >>>>> Sent from the Neo4j Community Discussions mailing list archive at >>>>> Nabble.com. >>>>> _______________________________________________ >>>>> Neo4j mailing list >>>>> User@lists.neo4j.org >>>>> https://lists.neo4j.org/mailman/listinfo/user >>>>> >>>> _______________________________________________ >>>> Neo4j mailing list >>>> User@lists.neo4j.org >>>> https://lists.neo4j.org/mailman/listinfo/user >>>> >>> >>> >>> >>> -- >>> Best regards >>> >>> Linan Wang >>> _______________________________________________ >>> Neo4j mailing list >>> User@lists.neo4j.org >>> https://lists.neo4j.org/mailman/listinfo/user >>> >> _______________________________________________ >> Neo4j mailing list >> User@lists.neo4j.org >> https://lists.neo4j.org/mailman/listinfo/user >> > > > > -- > Best regards > > Linan Wang > _______________________________________________ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user _______________________________________________ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
