Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Restrict Access of technical webapp from internet

Avatar

Community Advisor

Hi Team,

We have webapps hosted in an On-premise Adobe Campaign Classic instance that are all currently accessible from internet . There some technical webapps that we want to be accessed by ACC end users from the company VPN and some webapps/surveys used by customer/recipients like opt-in/out from internet.

 

We have access control(login) enabled for technical webapps, but how can we restrict the technical webapps from being exposed to internet?

 

Cheers,

Deb

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hello @Deb_Tripathy, we have added restriction on the firewalls rules there were no restrictions on sysconfig (no idea what is that anyway) nor security zones as I was told by the network technician  that you always get the internal IP of web server that is infront of application server, if you have one in place, so the IP will be same for all incoming traffic and security zones then will not work. If you are getting IP address of actual user then add the restrictions on web application itself. if not set firewall rules for certain URLs that can be accessed only by certain range of IPs?

In our setup frontal and application is different server with different URLs hosted on different VMs just with shared DB. All frontal requests to login page are blocked by firewall so customers can access unsub pages and other web apps that do not require password. On the application server there is not restriction apart that is not accessible from public.

 

Will this clear some of your questions?

 

Marcel

 

Marcel

View solution in original post

2 Replies

Avatar

Community Advisor

Hello @Deb_Tripathy,

Recently we restricted such scenarios by adding rules to the firewall on the frontal servers. So the web apps with login could be accessed only via application server that is only accessible over intranet.

 

Or you can extend the login  jssp page and add additonal IP check or any other checks you want. 

 

Marcel

 

 

Avatar

Community Advisor

Hi @Marcel_Szimonisz ,

Thanks for your reply. I tried the frontal and application server approach but couldn't make it work by changing the sysconfig file by adding IP masking in web node.

 

Did you make change in sysconfig or in a network level to restrict webapp access from internet?

 

I don't think extending logon.jssp will do the trick as we can only restrict based on IP, but our requirement is to restrict only specific webapps from internet.

 

Cheers,

Deb 

Avatar

Correct answer by
Community Advisor

Hello @Deb_Tripathy, we have added restriction on the firewalls rules there were no restrictions on sysconfig (no idea what is that anyway) nor security zones as I was told by the network technician  that you always get the internal IP of web server that is infront of application server, if you have one in place, so the IP will be same for all incoming traffic and security zones then will not work. If you are getting IP address of actual user then add the restrictions on web application itself. if not set firewall rules for certain URLs that can be accessed only by certain range of IPs?

In our setup frontal and application is different server with different URLs hosted on different VMs just with shared DB. All frontal requests to login page are blocked by firewall so customers can access unsub pages and other web apps that do not require password. On the application server there is not restriction apart that is not accessible from public.

 

Will this clear some of your questions?

 

Marcel

 

Marcel