Forum Discussion

Johan_Lång's avatar
Johan_Lång
Icon for Cirrus rankCirrus
May 05, 2021

Cors preflight requests problem

I have two different web applications that make requests to domain names other than themselves. For example, x.domain.com makes a request to y.domain.com to retrieve certain data. The user is authent...
application delivery
BIG-IP Access Policy Manager (APM)
AlexBCT's avatar
AlexBCT
Icon for Cumulonimbus rankCumulonimbus

Hi Johan,

 

Do I understand it correctly that the backend server of the first web application (the server hosting x.domain.com) needs to reach y.domain.com in order to gather some information it needs to complete a request for the client?

 

If so, do you need that backend server to log in to the APM policy, or do you just need it to be able to reach the backend system? If you just need the backend system to gain access to the application, you could put in an agent in the APM policy BEFORE it gets to the login page? This agent can then check if the request is coming from a specific IP, or some other way in which you can identify that it is this server. If so, you can then bypass the login page and go straight through to the "Allow".

 

Of course, do ensure there is no other way anyone could exploit that ;)

 

Hope this helps.

 

 

Johan_Lång's avatar
Johan_Lång
Icon for Cirrus rankCirrus
May 07, 2021

I can see now that my original question can be interpreted exactly as you did.