Adobe Campaign Classic v7 & Campaign v8

Deb_Tripathy · 5/31/22

Hi Team,

We have webapps hosted in an On-premise Adobe Campaign Classic instance that are all currently accessible from internet . There some technical webapps that we want to be accessed by ACC end users from the company VPN and some webapps/surveys used by customer/recipients like opt-in/out from internet.

We have access control(login) enabled for technical webapps, but how can we restrict the technical webapps from being exposed to internet?

Cheers,

Deb

Marcel_Szimonisz · 7/14/22

Hello @Deb_Tripathy, we have added restriction on the firewalls rules there were no restrictions on sysconfig (no idea what is that anyway) nor security zones as I was told by the network technician that you always get the internal IP of web server that is infront of application server, if you have one in place, so the IP will be same for all incoming traffic and security zones then will not work. If you are getting IP address of actual user then add the restrictions on web application itself. if not set firewall rules for certain URLs that can be accessed only by certain range of IPs?

In our setup frontal and application is different server with different URLs hosted on different VMs just with shared DB. All frontal requests to login page are blocked by firewall so customers can access unsub pages and other web apps that do not require password. On the application server there is not restriction apart that is not accessible from public.

Will this clear some of your questions?

Marcel

View solution in original post

Marcel_Szimonisz · 5/31/22

Hello @Deb_Tripathy,

Recently we restricted such scenarios by adding rules to the firewall on the frontal servers. So the web apps with login could be accessed only via application server that is only accessible over intranet.

Or you can extend the login jssp page and add additonal IP check or any other checks you want.

Marcel

Deb_Tripathy · 6/1/22

Hi @Marcel_Szimonisz ,

Thanks for your reply. I tried the frontal and application server approach but couldn't make it work by changing the sysconfig file by adding IP masking in web node.

Did you make change in sysconfig or in a network level to restrict webapp access from internet?

I don't think extending logon.jssp will do the trick as we can only restrict based on IP, but our requirement is to restrict only specific webapps from internet.

Cheers,

Deb

Sukrity_Wadhwa · 7/11/22

Hi @Marcel_Szimonisz,

Could you please help @Deb_Tripathy further with their query?

Thanks!

Sukrity Wadhwa

Marcel_Szimonisz · 7/14/22

Hello @Deb_Tripathy, we have added restriction on the firewalls rules there were no restrictions on sysconfig (no idea what is that anyway) nor security zones as I was told by the network technician that you always get the internal IP of web server that is infront of application server, if you have one in place, so the IP will be same for all incoming traffic and security zones then will not work. If you are getting IP address of actual user then add the restrictions on web application itself. if not set firewall rules for certain URLs that can be accessed only by certain range of IPs?

In our setup frontal and application is different server with different URLs hosted on different VMs just with shared DB. All frontal requests to login page are blocked by firewall so customers can access unsub pages and other web apps that do not require password. On the application server there is not restriction apart that is not accessible from public.

Will this clear some of your questions?

Marcel

Adobe Campaign Classic v7 & Campaign v8

Restrict Access of technical webapp from internet

Sukrity Wadhwa

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe