Accessing the BlueDragon Admin outside your localhost

Are you interested in accessing your BlueDragon Administrator from outside the machine on which it's installed? Or have you tried to access it (even on a localhost) by way of an integrated web server (like Apache or IIS)? You've then found that it can't be done.

The fact is, these are security precautions that we've set by default. They're discussed in the Admin help pages. But if you can't get into the admin to read that, then it doesn't help much I suppose. :-) So let me explain the situation.

We've set things up by default (for your security) so that the Admin is available only through our built-in web server. By default, that's accessible as port 8080. Even if you do integration with Apache (or IIS, etc.), you can still only access the Admin through the built-in web server. This is preconfigured and can't be changed.

Further, we've set the built-in web server so that it can only be accessible from the localhost. So if you try to connect to it remotely, even with the correct port number for the built-in web server, it still won't work.

The good news is that you CAN change that. Of course, you may want to set it to a limited IP address or range, so as not to expose your BlueDragon Admin too widely. But indeed, if you want to access the Admin remotely, you may well have to change it. (I say "may well" because there are some other alternatives that have been identified using SSH and other tunneling approachs, which I will describe in later blog entries, that may offer a better approach.)

Anyway, to modify the built-in web server to allow other than just localhost access, you have two choices.

1. If you can access the Admin and want to modify it to allow other IP addresses to access it, note that the "License & Security" link (under "General" in the left nav bar) has a field called "Allowed IP addresses".
2. If you can't access the Admin, you can instead modify the bluedragon-server.properties file in the config directory where BlueDragon is installed. It has an entry of the same name.

In either case (whether using the Admin or editing the file), the value is set by default to 127.0.0.1. It accepts a comma separated list of IP addresses or ranges using the "*" wildcard (e.g. 192.168.1.*). Again, just be careful about opening it up too broadly. The whole point of restricting it is to help restrict access to the Admin.

Once you change it, be sure to restart BlueDragon.

Of course, changing this may be useful for more than just accessing the Admin, if indeed you chose not to implement web server integration and want to allow others to get into your applications (in addition to the Admin). Just be aware of the security implications when opening it to IPs on more than just your own internal network.

Indeed, a couple more points to keep in mind:

• If you're just wanting to open the web server to access the Admin from machines other than that on which it's installed but within your own network, you may want to also set your firewall to block access to the BlueDragon built-in web server port (8080 by default) from outside of your network.
• The admin password will be passed in clear text from your browser to the server. Unfortunately, we don't currently support SSL in our built-in web server. That's on the list to address in BlueDragon 4. For now, again, if you're concerned about security, a better approach is to use SSH or other approaches to tunnel into the machine. I'll document those in another entry.