Prevent Direct access to a URL

Shamunda shamunda at playlan.com
Sun Jan 25 16:45:45 MSK 2009


Hi all -

I was given a project to research if it's possible to prevent users from
accessing a path directly using NGINX?

Here's our layout:  IIS & JBoss

We have an IIS server presenting clients with their login page.  After
the client logs in it does a lookup within the database to verify the
client's credentials.  Once the client has been verified, the user is
redirected to the appropriate application server - JBOSS application
server.

The client is then able to do whatever their licenses allow.

So within IIS and the JBoss application server, we're able to control
access to a certain degree, however there are some pages served by JBoss
that can be accessed directly if you know the path.

Example:

    IIS:    http://logingpage = secure
    JBoss:  http://successful_login/jboss.ear = secure
    JBoss:  http://regular_html_pages/ourstuff.html = can be accessed directly.

We already know that if we write code within our application we can
control that behavior, but we're reluctant to make any changes to
the application at this time.

So to conclude:

Once the user has successfully logged into the IIS server and is handed
off to JBoss, the user does receive a JSESSIONID.  Is there any way to
tell NGINX that unless there is an associated JSESSIONID you will not be
allowed to access the page directly?  Or any other suggestion you may
have to offer?

Thanks for any and all help!

-Shamunda
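
The check asked about above, sketched as an nginx reverse-proxy configuration in front of JBoss. This is an added example, not part of the original message; the upstream address, the server name and the /regular_html_pages/ path prefix are assumptions.

```nginx
# Added example. Assumed: JBoss listens on 127.0.0.1:8080, and the pages that
# are currently reachable directly live under /regular_html_pages/.
upstream jboss_backend {
    server 127.0.0.1:8080;          # assumed JBoss address
}

server {
    listen 80;
    server_name app.example.com;    # placeholder host name

    # Pages that should not be served to a client without a session cookie.
    location /regular_html_pages/ {
        # $cookie_JSESSIONID is empty when the request carries no
        # JSESSIONID cookie, so such requests are refused here.
        if ($cookie_JSESSIONID = "") {
            return 403;
        }

        # This tests only that the cookie is present. nginx does not know
        # whether the value maps to a live JBoss session, so the check is a
        # coarse filter in front of the application, not a replacement for
        # session validation inside it.
        proxy_set_header Host $host;
        proxy_pass http://jboss_backend;
    }

    # Everything else is passed through unchanged.
    location / {
        proxy_set_header Host $host;
        proxy_pass http://jboss_backend;
    }
}
```

The cookie's Path and Domain attributes must cover the protected location, otherwise the browser will not send JSESSIONID with those requests and logged-in users will also receive 403.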

