0

I have a domain e.g. https://example.com and I need to deny connections from browsers outside of the network except to some apis like https://example.com/tablet/service/xxx where xxx might be login/app or access/data/user. Those APIs are calling from a tablet application and we need them. But the access from the browser must my denied.

I tried reverse proxy through URL rewriting in and ARR IIS but I can't deny any other API. Can anyone help me? My app is running in ports 443 (external) and 8443 (internal). The dns points from 443 to 8443.

enter image description here

Thank you in advance!

zinon
  • 101
  • 2
  • "but I can't deny any other API" is untrue. Add a condition to this rule to verify `HTTP_USER_AGENT` is the simplest approach. If you want more control then it can be a different question. – Lex Li Jul 25 '22 at 16:18
  • Running applications with different security requirements on the very same web server is a very bad idea. Please consider splitting the applications by security. – Zac67 Jul 25 '22 at 17:02

0 Answers0