Apache OpenMeetings - How to restrict access to your Openmeetings server

Demo | Download | Installation | Wiki

General

Home
License
ASF
Downloads
Commercial Support

Installation and Upgrade

Installation
Upgrade
Tutorials
Command Line Admin

Community

Get Involved
Committers
Mailing Lists
Wiki

Development

Source Code
Bugs / Issues (JIRA)
Dependencies
Build Instructions
JUnit Testing
Manual Testing
Release Guide
Website Guide

Integration

SOAP/REST API
REST API Sample
Ldap and ADS
VoIP and SIP
Errors table

Plugins

Moodle Plugin
Sakai Plugin
Jira Plugin
Joomla Plugin
Drupal Plugin
Bitrix Plugin
Confluence Plugin
SugarCRM Plugin
Redmine Plugin

DB Sample Configurations
Apache Derby
IBM DB2
Oracle
MySQL
Postgres
MSSQL
Localization and languages
Internationalisation
LanguageEditor
TimeZoneHandling
EditTemplates
NAT Port Settings
Port settings
Performance
JVM performance tuning
User Interface
Themes
Dashboard
Webcam resolutions
Room layout options
Hot Keys
Customization
Webapp name/path
Navigation
Calendar and timezone
Custom room type
Custom ctypt mechanism
General Configuration
Security
Restricted Access
RTMPS and HTTPS
Converters
OpenOffice Converter
FFMPEG Version Switch
Clustering
Clustering
Misc
Get version info

Server Side

You can protect your OpenMeetings instance from beeing accessed from 3th party by using the file:

$RED5_HOME/webapps/openmeetings/WEB-INF/red5-web.properties

Content:

webapp.virtualHosts=*,localhost, 127.0.0.1
http://svn.apache.org/viewvc/openmeetings/trunk/singlewebapp/WebContent/WEB-INF/red5-web.properties

Client Side

And you can restrict the access also for the client side: Every Flash Plugin will check a file called "crossdomain.xml" before it tries to access the server using rtmp/RPC. This file is located:

$RED5_HOME/webapps/root/crossdomain.xml

Content:

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="localhost" to-ports="20-65535"/>
<allow-access-from domain="*.local" to-ports="20-65535"/>
</cross-domain-policy>

Sample file: http://code.google.com/p/red5/source/browse/java/server/trunk/webapps/root/crossdomain.xml

If you accessing your application behind an Apache Webservre (using mod_proxy or mod_jk2) be careful to make the crossdomain.xml accessible. Flash will always search for this file in the www-root directory of every URL you connect to. You might use FireBug for example to lookup requests.