Protecting the Dashboard

The current version of Dashboard allows any logged-in user to moderate all content. You must therefore protect the Dashboard from the outside world, either by running it only on the editorial (publication) server or by blocking access to it from all networks other than your local one. You can implement this access control in your web server (e.g. Apache) or cache server (e.g. Varnish).

Here is an example of how to restrict access to the Web Studio (normally called "escenic"), Phoenix (normally called "escenic-admin") and Dashboard (normally called "dashboard") webapps using the Varnish cache server:

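# Networks that are allowed to reach the editorial webapps
acl mynetwork {
  "192.0.2.0"/24;
}

sub vcl_recv {
  # [..]
  # Reject requests for the protected webapps from any other network
  # (the "error" statement is Varnish 3.x and earlier syntax)
  if (!client.ip ~ mynetwork &&
      (req.url ~ "^/escenic" ||
       req.url ~ "^/escenic-admin" ||
       req.url ~ "^/dashboard")) {
    error 405 "Not allowed.";
  }
  # [..]
}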
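
The same restriction written for Varnish 4 and later, where the "error" statement no longer exists. This is an added example, not part of the original documentation; the backend address is constructed, and the looser URL match assumes the application server may normalise paths before routing them.

```vcl
vcl 4.0;

# Constructed backend for illustration; point it at your own application server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Same ACL as above: the only network allowed to reach the editorial webapps.
acl mynetwork {
    "192.0.2.0"/24;
}

sub vcl_recv {
    # (?i) ignores case and /+ tolerates repeated leading slashes, so the
    # check does not depend on how the backend normalises the path
    # (assumption: it may fold case or collapse slashes).
    # The "^/+escenic" prefix also covers /escenic-admin.
    if (req.url ~ "(?i)^/+(escenic|dashboard)" &&
        !(client.ip ~ mynetwork)) {
        # Varnish 4 replaced "error" with a synthetic response.
        # 405 is kept from the example above; 403 is the usual "forbidden".
        return (synth(405, "Not allowed."));
    }
}
```

The ACL is evaluated against client.ip, which is the address of whatever connects to Varnish. If a load balancer or TLS terminator sits in front of Varnish without the PROXY protocol, every request appears to come from that proxy, so enforce the restriction there instead.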