Book Image

Plone 3.3 Site Administration

Book Image

Plone 3.3 Site Administration

Overview of this book

In the past few years, we have seen some dramatic changes in the way Plone sites are being developed, deployed, and maintained. As a result, developing and deploying sites, changing their default settings, and performing day to day maintenance tasks can be a challenge. This book covers site administration tasks, from setting up a development instance, to optimizing a deployed production site, and more. It demonstrates how-to perform these tasks in a comprehensive way, and walks the user through the necessary steps to achieve results.We have divided the subject of Plone site administration into three categories: development, deployment, and maintenance. We begin by explaining how a Plone site is built, and how to start using it through the web. Next, we add features by installing add-on products, focusing on themes, blogging, and other common enhancements. After the basics of developing and deploying a Plone site are covered, the book covers the basics of maintaining it.Further, throughout the book we preview some new technologies related to Plone site administration, available now as add-ons to the current Plone release. Finally, we will cover a variety of techniques to help you optimize your site's performance.
Table of Contents (15 chapters)
Plone 3.3 Site Administration
Credits
Foreword
About the Author
About the Reviewer
Preface
Index

Restricting TCP/IP access to localhost or LAN host


One of the simplest things we can do to secure our system is to operate our Zope 2 instances only on the IP addresses that they are required to listen on.

In most cases, it is 127.0.0.1 (or localhost, as it is commonly referred to) but it can also be a LAN host that is a private, non-routable IP address used only on your local area network (LAN).

In this chapter, we will not cover LAN hosts. However, we suggest you consider using them when you need to access instances from another host on the LAN; otherwise, just use localhost.

In the case of LAN hosts, once configured, they will protect ports from being accessed by the outside world (that is Internet). However, it will allow them to be accessible from the LAN where you may want to configure monitoring, for example via Munin (covered in Chapter 6), Zenoss (http://community.zenoss.org), and so on.

What we will cover is how to use the localhost IP address.

In 07-security-localhost.cfg, we have...