| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| administration:security [2020/06/29 12:11] – demiankatz | administration:security [2022/10/18 17:05] – demiankatz |
|---|
| ===== Using SSL ===== | ===== Using SSL ===== |
| |
| If your VuFind system takes sensitive information as input (for example, if you use a shared authentication method and want to protect passwords from being sent in plain text), you may want to consider putting it behind SSL so that communications are encrypted. | If your VuFind® system takes sensitive information as input (for example, if you use a shared authentication method and want to protect passwords from being sent in plain text), you may want to consider putting it behind SSL so that communications are encrypted. |
| |
| SSL configuration is beyond the scope of this document, but a lot of helpful resources exist on the web. For example, the [[http://tldp.org/HOWTO/SSL-RedHat-HOWTO.html|Building a Secure RedHat Apache Server HOWTO]] is a good starting point (and relevant beyond just RedHat). | SSL configuration is beyond the scope of this document, but a lot of helpful resources exist on the web. For example, the [[http://tldp.org/HOWTO/SSL-RedHat-HOWTO.html|Building a Secure RedHat Apache Server HOWTO]] is a good starting point (and relevant beyond just RedHat). |
| |
| Once you have SSL configured, if you want to force VuFind to always run behind SSL, you can add these lines above the other RewriteRules in your Apache configuration in httpd-vufind.conf to force a redirect of non-SSL traffic to SSL URLs: | Once you have SSL configured, if you want to force VuFind® to always run behind SSL, you can add these lines above the other RewriteRules in your Apache configuration in httpd-vufind.conf to force a redirect of non-SSL traffic to SSL URLs: |
| |
| <code> | <code> |
| </code> | </code> |
| |
| IMPORTANT: If you change VuFind to run under SSL, don't forget to adjust your base URL in [[configuration:files:config.ini]] accordingly. | IMPORTANT: If you change VuFind® to run under SSL, don't forget to adjust your base URL in [[configuration:files:config.ini]] accordingly. |
| |
| ===== Locking Down Solr ===== | ===== Locking Down Solr ===== |
| |
| To ensure that your data is secure, it is advised that you lock down the Solr server to only be accessible from your local webserver. The default port is 8983 in VuFind 7 and newer, 8080 in 6.x and earlier. This port should be locked down to eliminate security threats to your data. | To ensure that your data is secure, it is advised that you lock down the Solr server to only be accessible from your local webserver. The default port is 8983 in VuFind® 7 and newer, 8080 in 6.x and earlier. This port should be locked down to eliminate security threats to your data. |
| |
| |
| === 1. Reconfigure Solr === | === 1. Reconfigure Solr === |
| |
| If using VuFind 3.0 or newer, the Solr port number is controlled by the SOLR_PORT environment variable; just set this before [[administration:starting_and_stopping_solr|starting Solr]] (e.g. with "export SOLR_PORT=xxxx") and the server will run on the desired port. | If using VuFind® 3.0 or newer, the Solr port number is controlled by the SOLR_PORT environment variable; just set this before [[administration:starting_and_stopping_solr|starting Solr]] (e.g. with "export SOLR_PORT=xxxx") and the server will run on the desired port. |
| |
| If using VuFind 2.x or earlier, you can change the port number used by Solr by editing the file solr/jetty/etc/jetty.xml under your VuFind installation and changing the jetty.port SystemProperty. | If using VuFind® 2.x or earlier, you can change the port number used by Solr by editing the file solr/jetty/etc/jetty.xml under your VuFind® installation and changing the jetty.port SystemProperty. |
| |
| === 2. Reconfigure VuFind === | === 2. Reconfigure VuFind® === |
| |
| You will need to adjust a few configuration files to reflect the new port number you have chosen. | You will need to adjust a few configuration files to reflect the new port number you have chosen. |
| == A. SolrMarc Import Configuration == | == A. SolrMarc Import Configuration == |
| |
| If you use SolrMarc to import MARC records, you must edit the solr.hosturl setting in the import/import.properties file (and also import/import_auth.properties, if you plan on importing authority records). Be sure to edit the versions in your [[configuration:local_settings_directory|local settings directory]] if using VuFind 2.x or newer. | If you use SolrMarc to import MARC records, you must edit the solr.hosturl setting in the import/import.properties file (and also import/import_auth.properties, if you plan on importing authority records). Be sure to edit the versions in your [[configuration:local_settings_directory|local settings directory]] if using VuFind® 2.x or newer. |
| |
| <code> | <code> |
| </code> | </code> |
| |
| == B. VuFind Configuration == | == B. VuFind® Configuration == |
| |
| To ensure that VuFind can perform Solr searches, edit the [Index] section of the [[configuration:files:config.ini]] file as appropriate: | To ensure that VuFind® can perform Solr searches, edit the [Index] section of the [[configuration:files:config.ini]] file as appropriate: |
| <code> | <code> |
| [Index] | [Index] |
| ===== Locking Down the Admin Panel ===== | ===== Locking Down the Admin Panel ===== |
| |
| VuFind includes an administration module (accessible through <nowiki>http://your_vufind_url/Admin/Home</nowiki>). This is useful, but it should not be exposed to the general public. The access.AdminModule [[configuration:permission_options|permission]] can be used to grant granular control to the module. The entire module can still be disabled using the System/admin_enabled setting if desired. | VuFind® includes an administration module (accessible through <nowiki>http://your_vufind_url/Admin/Home</nowiki>). This is useful, but it should not be exposed to the general public. The access.AdminModule [[configuration:permission_options|permission]] can be used to grant granular control to the module. The entire module can still be disabled using the System/admin_enabled setting if desired. |
| | |
| | ===== Proxies and IP Authentication ===== |
| | |
| | If you rely on IP authentication for setting VuFind® permissions, and if your VuFind® server is located behind a proxy on the network, you may have difficulty accurately identifying users. There are HTTP headers, including X-Real-IP and X-Forwarded-For, which can be used to identify users on the other side of a proxy, but they can be easily spoofed. |
| | |
| | It may be possible to work around this problem through careful configuration of your proxy (e.g. by making it filter out these headers from incoming requests) and use of the [[https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html|mod_remoteip]] Apache plugin. In essence, these HTTP headers must be treated as non-trusted content when they come from a client, just like any other data in a client request. |
| | |
| | In case this approach is not possible, starting with VuFind® 7.0.1, the config.ini [Proxy] section contains allow_forwarded_ips and forwarded_ip_filter settings which can be used to control how VuFind® identifies IP addresses based on HTTP headers. The full details on configuration options can be found in the comments in that file. |
| | |
| | By default, all IP-forwarding headers are ignored, but by turning on allow_forwarded_ips, you can tell VuFind® which headers to trust, and how to handle multi-valued headers. The forwarded_ip_filter setting can be used to filter own the addresses of known internal network devices. You also have the option of extending/overriding the VuFind®\Net\UserIpReader class if you need to apply more nuanced, institution-specific logic. |
| | |
| | If you plan to use this feature, you should install one of the many available browser plugins for editing HTTP headers, and determine exactly how your proxy behaves when receiving falsified headers. (A quick way to do to this is to var_dump the $_SERVER superglobal in a PHP script that you can access through your proxy). Based on this information, you should be able to adjust the configuration of VuFind® and/or your proxy to reduce the risk of spoofing. |
| |
| ===== Securing User Credentials ===== | ===== Securing User Credentials ===== |
| |
| VuFind stores some user information in its database. Starting with VuFind 2.0RC1, you have the option to perform extra hashing/encryption to protect these credentials. The settings are off by default in [[configuration:files:config.ini]], but they can be enabled through VuFind's auto-configuration pages. Enabling security is highly recommended. | VuFind® stores some user information in its database. Starting with VuFind® 2.0RC1, you have the option to perform extra hashing/encryption to protect these credentials. The settings are off by default in [[configuration:files:config.ini]], but they can be enabled through VuFind®'s auto-configuration pages. Enabling security is highly recommended. |
| | |
| | When using some [[configuration:authentication]] options, you have the ability to pre-populate user ILS credentials in the database. In some scenarios, it is possible to configure ILS drivers to look up users based only on usernames or other "public knowledge" fields. In these cases, you should disable direct user login using the allowUserLogin setting in the [Catalog] section of [[configuration:files:config.ini]] to eliminate the possibility of users attempting to impersonate one another. This setting was introduced in VuFind® 9.0. |
| |
| ===== Using a Content Security Policy ===== | ===== Using a Content Security Policy ===== |
| |
| Starting with VuFind 7.0, you can configure a [[administration:security:content_security_policy|content security policy]] to protect against cross-site scripting and other vulnerabilities. See the [[administration:security:content_security_policy|content security policy]] page for more details. | Starting with VuFind® 7.0, you can configure a [[administration:security:content_security_policy|content security policy]] to protect against cross-site scripting and other vulnerabilities. See the [[administration:security:content_security_policy|content security policy]] page for more details. |
| ---- struct data ---- | ---- struct data ---- |
| | properties.Page Owner : |
| ---- | ---- |
| |
