[aerogear-dev] Security advice for UnifiedPush Server
Karel Piwko
kpiwko at redhat.com
Mon Nov 24 11:30:03 EST 2014
On Mon, 2014-11-24 at 13:27 +0100, Andreas Røsdal wrote:
> Hello!
>
> I would like to security advice for running the Aerogear UnifiedPush Server
> for sending Push messages to an iPhone app. The app-server is Wildfly, and
> HTTPS is enabled. It is important to prevent unauthorized push messages
> from being sent. Do you have any documentation or general advice for
> securing Aerogear UnifiedPush Server?
>
> I would like to setup firewall rules to prevent users on the internet to
> log in to the UnifiedPush Admin gui /ag-push/ while still allowing
> registration of iPhone app/device tokens though the same UnifiedPush Admin
> server. What kind of URL pattern can I use to prevent admin logins
> externally?
I'd say hide ag-push to be accessible only on a particular interface
available in your internal network and create a proxy WAR accessible on
public network that will "forward" sender and registration requests to
ag-push WAR.
>
>
> Regards,
> Andreas R.
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list