0

I want to block users from accessing/using Worklight deployed App URL.

For example,

http://myserverDomain/myProjApp/apps/services/preview/CardApp/common/0/default/GoodApp.html

Now I don't want users to go and type in the above URL and access the App.

However this restriction must not prevent Mobile users from running or using their App from device.

What could be the way to achieve this?

I have made my App available on a Public IP and devices are pointing to it.

Using IBM HTTP server, a url has been made public and then i used it inside the application-descriptor.xml file so that the generated Apps can point to a public URL and get connected with WL Server. In this way my Apps work fine. But I am also able to access the URL via browsers and can log-in too. I am thinking a possibility to block access only via browsers.

Thanks

AAhad
  • 2,805
  • 1
  • 25
  • 42
  • The description you've added is not very understandable. What exactly did you add? and why this way? – Idan Adar Mar 31 '13 at 10:42
  • @Idan, let me put this way: as you said **You should restrict access to these type of URLs on your server (be it Apache or otherwise)** Now if I block these Public URL access on server. lets say I block `code`http://myserverDomain/myProjApp/apps/services/preview/CardApp/common/0/default/GoodApp.html`code`. **Then Will the App be able to connect with server?** however keep in mind that **App is using this URL** to connect with server `code`http://myserverDomain/myProjApp`code` – AAhad Mar 31 '13 at 11:22
  • aahad, the url you have in your post is meant only for preview (as the url itself suggests), you are not supposed to, and cannot, use this url within your application. **It is internal.** – Idan Adar Mar 31 '13 at 11:49
  • you are not getting my point. Inside the App I use " http://myServerDomain/myProjApp/ " URL....... Now If i put this url in the browser then it routes me to the Preview "http://myserverDomain/myProjApp/apps/services/preview/CardApp/common/0/default/GoodApp.html" ..... Now i am thinking to disable/stop this Preview URL ....hope you get it now. – AAhad Mar 31 '13 at 12:37
  • Then my answer stands as-is. Your IT department needs to block URLs so that they won't be accessible to the public. See my edited answer. – Idan Adar Mar 31 '13 at 12:45
  • please mark ravidor's answer as Answered. – Idan Adar Mar 14 '14 at 06:56

2 Answers2

2

There are multiple ways to do this:

  1. As Idan suggested, have you IT block the http://myserverDomain/myProjApp/apps/services/preview/* on your server.
  2. Through the authenticationConfig.xml you can block static resources. There is an example there for protecting the console (which you should do as well).
Raanan Avidor
  • 3,533
  • 4
  • 25
  • 32
1

You should restrict access to URLs you wish not to be public, on your server (be it Apache or otherwise).

This restriction won't affect your app users.

Have your IT department handle this (it is not the role of a developer). See the structure of Worklight-related URLs. Your IT department should know how to handle these so that they won't be available to direct access by the public.

Idan Adar
  • 44,156
  • 13
  • 50
  • 89
  • Okay thanks for it. Though i have written my custom code that runs on the WL Server blocking particular requests or forwarding to another path. But I was thinking for server level settings that i can configure to achieve similar thing. Thanks – AAhad Mar 31 '13 at 13:25