What folders are required to be accessed externally?

Plus d'informations
il y a 10 mois 1 semaine #184684 par louism
Hi,
we have a Web Application Firewall (WAF) that allows us to block by URL, common threats etc etc
We are hosting LS ourselves so was wondering what URL's we need to provide for public access.
For instance, we don't want to provide access externally to the /admin folder as we manage that internally.
We can provide access to /LS root folder but was wondering what other folders within this we would require as we would need to specify them.

regards,
Louis

Connexion ou Créer un compte pour participer à la conversation.

LimeSurvey Partners
Plus d'informations
il y a 10 mois 1 semaine #184685 par jelo
What version of LS is used?
What WAF is used? Depending on the rules, you will see certain hits by LimeSurvey caused by JS libraries.

I would be surprised if someone will provide you a list with URLS, which are needed.
That can change within an update.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

Connexion ou Créer un compte pour participer à la conversation.

Plus d'informations
il y a 10 mois 1 semaine - il y a 10 mois 1 semaine #184702 par louism
It's a Sophos SG330 using WAF. LS is 3.4 CE.
Straight away I can see I wouldn't want:

/admin
/installer

to be accessible to the internet. I know that LS will have it's own security but it's certainly enhanced if /admin isn't accessible full stop.
So I'm wondering exactly what folders do need to be exposed and what don't for LS to function?
Dernière édition: il y a 10 mois 1 semaine par louism.

Connexion ou Créer un compte pour participer à la conversation.

Plus d'informations
il y a 10 mois 1 semaine #184711 par jelo

louism écrit: It's a Sophos SG330 using WAF. LS is 3.4 CE.

SG330 is quite an investment. If I remember correct, the WAF is based on a reverse proxy.
Which adds another layer of potential issues with LimeSurvey.

[quote="louism" post=184702So I'm wondering exactly what folders do need to be exposed and what don't for LS to function?[/quote]
I understand, but my WAF is based on rules and not blocking any generic path by defintion. My tools need to be accessed via Web tool

For your case (only submitting surveys via WAN, everthing else via LAN/DMZ) you can start here:
manual.limesurvey.org/Directory_structure

You will need to run tests after every update, if you block too tight.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

Connexion ou Créer un compte pour participer à la conversation.

Plus d'informations
il y a 10 mois 1 semaine #184736 par DenisChenu
/ and tmp/ and upload/ (in some situation) only i think …

But depend on : the url params used …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
An error happen ? Before make a new topic : remind the Debug mode .

Connexion ou Créer un compte pour participer à la conversation.

Commencez dès maintenant !

Créez simplement un compte et commencez à utiliser LimeSurvey dès aujourd'hui.

Inscrivez-vous maintenant

Inscrivez-vous à notre Newsletter!