问题
The web2py book states
The administrative interface, admin, is only accessible from localhost unless you run web2py behind Apache with mod_proxy. If admin detects a proxy, the session cookie is set to secure and admin login does not work unless the communication between the client and the proxy goes over HTTPS; this is a security measure. All communications between the client and admin must always be local or encrypted; otherwise an attacker would be able to perform a man-in-the middle attack or a replay attack and execute arbitrary code on the server.
However, I'm wondering if this means that using web2py via WSGI means I wont be able to get to the admin interface remotely.
回答1:
Here's what you'll see if you try to access the administrative interface over HTTP:
Forbidden
You don't have permission to access /admin/default/index on this server.
Apache/2.2.22 (Ubuntu) Server at yourserver.com Port 80
Just navigate to same page using HTTPS to access the administrative interface remotely.
https://yourserver.com/admin/default/index
来源:https://stackoverflow.com/questions/12830808/accessing-the-web2py-admin-interface-via-wsgi