2

How can I prevent users from directly accessing my web application on Cloudfoundry?

For example: I deployed a Spring application on Cloudfoundry that can be accessed using the URL myapp.cloudfoundry.com (this is just an example).

Then, I use another web app, deployed on Google App Engine, that acts like a reverse proxy for the one deployed on Cloudfoundry (like in this example: http://programming.mvergel.com/2011/11/cloud-foundry-and-custom-domain.html), that can be accessed by users using, let's say, myapp.appspot.com.

Now, my question is: is there an elegant way of preventing users from accessing my app using the link myapp.cloudfoundry.com and allowing them to use only myapp.appspot.com? I am thinking of adding some sort of token in the request headers when redirecting from appspot to cloudfoundry, but I don't think this is the best solution.

Can someone give me a hint about this one?

2 Answers

1

There is no way of stopping someone from requesting the application from Cloudfoundry.com as you have pointed out.

Perhaps the best way would be to inspect the IP range the request is coming from and if it is not from appspot.com return a 404?

Dan Higham
  • Thank you for your answer Dan. I found that requests coming from appspot have some particularities in headers (like "user-agent" containing the appspotid). I use this to filter the requests. – user1753046 Oct 25 '12 at 06:27
1

Perhaps implement HMAC (http://en.wikipedia.org/wiki/HMAC) as authentication between your services, and deny any other public access to your apps?

Dr Nic
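A sketch of the HMAC approach suggested in the answer above, added here as an example and not code from either poster: the proxy signs each forwarded request with a shared secret and the origin rejects anything unsigned, stale, or altered. The header names, secret, and function names are hypothetical; it assumes the secret is provisioned on both apps out of band and that the proxy-to-origin hop uses HTTPS.

```python
import hashlib
import hmac
import time

# Assumption: the same secret is configured on the proxy and on the origin app.
SHARED_SECRET = b"constructed-demo-secret"  # constructed sample value
MAX_SKEW_SECONDS = 300  # signatures outside this window are rejected (limits replay)

# Hypothetical header names chosen for this example.
TS_HEADER = "X-Proxy-Timestamp"
SIG_HEADER = "X-Proxy-Signature"


def _mac(secret, method, path, timestamp):
    # Bind the tag to method, path and time so it cannot be reused for another request.
    msg = "\n".join([method.upper(), path, timestamp]).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_request(method, path, secret=SHARED_SECRET, now=None):
    """Proxy side: headers to attach to the request forwarded to the origin."""
    ts = str(int(time.time() if now is None else now))
    return {TS_HEADER: ts, SIG_HEADER: _mac(secret, method, path, ts)}


def verify_request(method, path, headers, secret=SHARED_SECRET, now=None):
    """Origin side: True only for a fresh request signed with the shared secret.

    `headers` is a plain dict here; real frameworks expose case-insensitive lookups.
    """
    ts = headers.get(TS_HEADER, "")
    sig = headers.get(SIG_HEADER, "")
    if not (ts.isascii() and ts.isdigit()) or not sig:
        return False  # requests sent straight to the origin carry no valid headers
    current = time.time() if now is None else now
    if abs(current - int(ts)) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated timestamp
    expected = _mac(secret, method, path, ts)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), sig.encode("utf-8"))
```

On the origin, a request for which `verify_request` returns False would get the 404 (or 403) response mentioned in the first answer.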