Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Securing WebDav repository using IP Filtering

Avatar

Former Community Member

Hi,

We would like to enable ip filtering to our repostory, tried to find a list of production LCCS ips but couldn't find one.

Currently we only saw one ip 209.xxx.

can you please refer us to a list of all the ips ?

is there a different between development and production accounts ?

Thanks,

Eyal

6 Replies

Avatar

Level 3

Hi,

We do not document our IP addresses.  They could change without notice.

-Jamie

Avatar

Former Community Member

Hi,

thanks for the quick reply.

In your authentication documention, one of the method you recommend using is IP Filtering.

Is there a way achiving this ?

if you don't guarantee that IPs will remain constant, is there a subdomain that you do guarantee ?

Thanks,

Eyal.

Avatar

Level 3

Hi,

We don't guarantee the subdomain will be constant.  Sorry, IP filtering should not have been mentioned in that section of documentation.  We will work with our tech writer to fix that.

Instead of IP filtering, you could set a login/password or pass an extra security token on the repository URL and check that it comes back in the WebDav request.

-Jamie

Avatar

Former Community Member

Hi,

The limitation with the token id and passoword is that they are "hard coded" in the repository link and cannot be controlled per request.

Also, one password / token is used for all the repository.

We wanted to give higher security level and not to relay on a "hard coded" password.

The recording can contain private data and we want to make sure it can only be read by the "owner" of the recording,

we are using the authKey mechanism to limit the access to the room, but we are looking for a way to increase the security on the repository itself.

Can you please advice if/how we can achive authentication that will be more restricted, for example:

1. making sure the requester is adobe

2. authentication which is more request based

The only other solution we currently thinking of, is encrypting the files on the webdav repositry.

Than, before the playback starts, we will decrypt the files and keep them open only for a limited amount of time while they are being played by the playback application.

Regards,

Eyal.

Avatar

Level 4

Hi Eyal,

It's good to hear you got the digest authentication to work.  I hope that alleviates, at least a little, some of your security concerns.  The only thing I can offer at this time is for you to add an auth token to your WebDAV url and change/validate it accordingly.  It involves a bit of work on your end but at this point is the only thing I can suggest. 

Your original concern is definitely valid and has been taken note of on our end.  I am confident we will implement a fix in the medium-term to address it.

Thanks,

Nikola