Forum: NGINX Prevent Direct access to a URL

Shamunda (Guest)
on 2009-01-25 15:01
(Received via mailing list)
Hi all -

I was given a project to research if it's possible to prevent users from
accessing a path directly using NGINX?

Here's our layout:  IIS & JBoss

We have an IIS server presenting clients with their login page.  After
the client logs in, it does a lookup within the database to verify the
client's credentials.  Once the client has been verified, the user is
redirected to the appropriate application server - JBoss application
server.

The client is then able to do whatever their license allows.

So within IIS and the JBoss application server, we're able to control
access to a certain degree; however, there are some pages served by JBoss
that can be accessed directly if you know the path.

Example:

    IIS:   htt://logingpage = secure
    JBoss: http://successful_login/jboss.ear = secure
    JBoss: http://regular_html_pages/ourstuff.html = can be accessed directly.

We already know that if we write code within our application we can
control that behavior, but we're reluctant to make any changes to the
application at this time.

So to conclude:

Once the user has successfully logged into the IIS server and is handed
off to JBoss, the user does receive a JSESSIONID.  Is there any way to
tell NGINX that unless there is an associated JSESSIONID you will not be
allowed to access the page directly?  Or any other suggestion you may
have to offer?

Thanks for any and all help!

-Shamunda


Eren Türkay (Guest)
on 2009-01-25 19:19
(Received via mailing list)
On Sunday 25 January 2009 15:45:45 Shamunda wrote:
> I was given a project to research if it's possible to prevent users from
> accessing a path directly using NGINX?

I think these two URLs are what you're looking for. Nginx supports
internal URLs and can handle them smoothly. You will just need to change
the HTTP header with your app.

http://wiki.codemongers.com/NginxXSendfile

http://blog.kovyrin.net/2006/11/01/nginx-x-accel-r...
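
The internal-location approach suggested in the reply above, next to the cookie-presence check asked about in the first post, as an added example that is not part of the original thread. The host names, the upstream address and the `/app/` and `/protected_pages/` prefixes are assumptions; the file is meant to be included inside the `http` block.

```nginx
# Added example. Host names, upstream address and URL prefixes are assumptions.
upstream jboss_app {
    server 127.0.0.1:8080;  # assumed JBoss listener; firewall it so only nginx can reach it
}

# Variant A: cookie-presence check (what the question asks for).
# It proves only that the client sent *some* JSESSIONID value, not that the
# session exists, so it stops casual direct links but is not access control.
server {
    listen 80;
    server_name variant-a.example;

    location /regular_html_pages/ {
        if ($cookie_JSESSIONID = "") {
            return 403;
        }
        proxy_pass http://jboss_app;
    }
}

# Variant B: internal location plus X-Accel-Redirect (what the reply suggests).
server {
    listen 80;
    server_name variant-b.example;

    # Direct client requests to the static pages are refused outright.
    location /regular_html_pages/ {
        return 403;
    }

    # Reachable only through an internal redirect; a client asking for this
    # prefix directly gets 404.
    location /protected_pages/ {
        internal;
        proxy_pass http://jboss_app/regular_html_pages/;
    }

    # The application validates the session, then answers with the header
    #   X-Accel-Redirect: /protected_pages/ourstuff.html
    # and nginx serves that page on its behalf.
    location /app/ {
        proxy_pass http://jboss_app;
    }
}
```

Variant B depends on the application emitting the `X-Accel-Redirect` header, which is the application-side change the reply refers to.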
Shamunda (Guest)
on 2009-01-26 18:25
(Received via mailing list)
Thanks Eren, I'll give it a shot :)
