Forum Discussion
insomniak_11745
Nimbostratus
NimbostratusRestrict Access via HTTP referer
I'm attempting to restrict access to an application via HTTP REFERER. Using the example given by the dev team, I'm using something that looks like this:
when HTTP_REQUEST {
switch -glob [HTTP::...
insomniak_11745Nimbostratus
NimbostratusThis is becoming very complex to think about. The application that is housed within the Virtual Server in question is Etherpad. The Etherpad Virtual Server IP is being linked to directly from within the user's custom application. Therefore:
- The Etherpad installation is being accessed not directly from the application, but from the end-user's public IP address (otherwise we'd just restrict via internal IP)
- Traditional session-based restriction will not work because if a user accesses the Etherpad once from withing the custom application, they can then use the same session to access it directly in the future.
The user ALWAYS needs to click the link to the Etherpad installation from WITHIN the custom application.
I'm thinking that some sort of shared token "handshake" needs to happen between applications.
