What folders are required to be accessed externally?

10 months 1 week ago #184684 by louism
Hi,
We have a Web Application Firewall (WAF) that allows us to block by URL, common threats, etc.
We are hosting LS ourselves, so I was wondering what URLs we need to provide for public access.
For instance, we don't want to provide access externally to the /admin folder as we manage that internally.
We can provide access to the /LS root folder but I was wondering what other folders within this we would require, as we would need to specify them.

regards,
Louis

10 months 1 week ago #184685 by jelo
What version of LS is used?
What WAF is used? Depending on the rules, you will see certain hits by LimeSurvey caused by JS libraries.

I would be surprised if someone will provide you a list with the URLs which are needed.
That can change within an update.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

10 months 1 week ago - 10 months 1 week ago #184702 by louism
It's a Sophos SG330 using WAF. LS is 3.4 CE.
Straight away I can see I wouldn't want:

/admin
/installer

to be accessible to the internet. I know that LS will have its own security but it's certainly enhanced if /admin isn't accessible, full stop.
So I'm wondering exactly what folders do need to be exposed and what don't for LS to function?
Last edit: 10 months 1 week ago by louism.

10 months 1 week ago #184711 by jelo

louism wrote: It's a Sophos SG330 using WAF. LS is 3.4 CE.

SG330 is quite an investment. If I remember correctly, the WAF is based on a reverse proxy,
which adds another layer of potential issues with LimeSurvey.

louism wrote: So I'm wondering exactly what folders do need to be exposed and what don't for LS to function?

I understand, but my WAF is based on rules and not blocking any generic path by definition. My tools need to be accessed via Web tool

For your case (only submitting surveys via WAN, everything else via LAN/DMZ) you can start here:
manual.limesurvey.org/Directory_structure

You will need to run tests after every update if you block too tightly.

10 months 1 week ago #184736 by DenisChenu
/ and tmp/ and upload/ (in some situations) only, I think …

But it depends on the URL params used …

Assistance on the LimeSurvey forum and LimeSurvey core development are done in my free time.
I'm not a LimeSurvey GmbH member; professional service on demand, plugin development.
An error happens? Before making a new topic: remember the Debug mode.
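
An added example, not part of the thread or of LimeSurvey: a small Python checker for replaying request URLs from an access log against the deny rule discussed above (/admin and /installer), so the rule can be re-tested after each update. It assumes the install lives under /LS and that a route can arrive either as a path after index.php or in an `r=` query parameter; the sample URLs are constructed.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumptions, not from the thread: LimeSurvey is served under BASE, and a
# route can arrive as a path (/index.php/admin) or as a query (?r=admin).
BASE = "/LS"
BLOCKED = {"admin", "installer"}  # the two folders named in the thread


def _segments(raw):
    """Percent-decode, lower-case and collapse ./ ../ // before splitting."""
    clean = posixpath.normpath("/" + unquote(raw).lower())
    return [s for s in clean.split("/") if s]


def is_blocked(url):
    """True if the WAN-facing rule should reject this request URL."""
    parts = urlsplit(url)
    segs, base = _segments(parts.path), _segments(BASE)
    if segs[:len(base)] != base:
        return True  # outside the application: default deny
    segs = segs[len(base):]
    if segs and segs[0] == "index.php":
        segs = segs[1:]  # the route follows the front controller
    candidates = [segs]
    # Check every r= value as well, so a path rule alone is not relied on.
    for r in parse_qs(parts.query).get("r", []):
        candidates.append(_segments(r))
    return any(c and c[0] in BLOCKED for c in candidates)


def replay(urls):
    """Split request URLs from an access log into (allowed, blocked)."""
    blocked = [u for u in urls if is_blocked(u)]
    return [u for u in urls if u not in blocked], blocked


SAMPLE = [  # constructed request lines, not real log data
    "/LS/index.php/123456?lang=en",
    "/LS/index.php?r=survey/index&sid=123456",
    "/LS/tmp/assets/abc/style.css",
    "/LS/upload/surveys/123456/images/logo.png",
    "/LS/admin/",
    "/LS/index.php/admin/authentication/sa/login",
    "/LS/index.php?r=admin/authentication/sa/login",
    "/LS/%61dmin/",
    "/LS/tmp/../installer/",
]

if __name__ == "__main__":
    for url in replay(SAMPLE)[1]:
        print("BLOCK", url)
```

Feeding it the URLs from a LAN-side test run after an update shows which survey-taking requests the rule would have rejected before the rule goes live on the WAN side.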
