Hi all -
I was given a project to research if it’s possible to prevent users from
accessing a path directly using NGINX?
Here’s are layout: IIS & JBoss
We have an IIS server presenting clients with their login page. After
the client logs in it does a lookup within the database to verify the
clients credentials. Once the client has been verified, the user is
redirected to the appropriate application server - JBOSS application
server.
The client is then able to do whatever their licenses allows.
So within IIS and the JBoss application server, we’re able to control
access to a certain degree, however there are some pages served by JBoss
that can be accessed directly if you know the path.
Example:
IIS: htt://logingpage = secure
JBoss: http://successful_login/jboss.ear = secure
JBoss: http://regular_html_pages/ourstuff.html = can be
accessed directly.
We already know that if we write code within our application we can
control that behavior, but we’re reluctant to make any changes to
application at this time.
So to conclude
Once the user has successfully logged into the IIS server and is handed
off to JBoss, the user does received a JSESSIONID. Is there any way to
tell NGINX that unless there is an associated JSESSIONID you will not be
allowed to access the page directly? Or any other suggestion you may
have to offer?
Thanks for any and all help!
-Shamunda
***** Email confidentiality notice *****
25/1/2009
This message is private and confidential. If you have recieved this
message in error, please notify us and remove it from your system.
