<div dir="ltr"><div><div><div>Good morning!<br><br>> I think what you're looking for is something like this[1], right?<br><br></div>Maybe this could be secured using Netfilter on Linux, I would be interested in hearing more about this.<br>Initially, I thought I would be looking for a F5 firewall iRule kind of like this:<br></div>-Allow: /ag-push/(registration)<br></div>-Deny: /ag-push/(admin-gui) and /ag-push/(java-api-access)<div><div><div><br>Is /ag-push/ is designed to be exposed to the public Internet? <br><br>>That's an interesting scenario. I think if we extracted the registration<br>
>module to a separated WAR file, would help to protect /ag-push<br>
>infrastructure. Not sure if the idea is interesting.<br><br></div><div>Yes, that would be interesting as a more long-term solution. I would like to start using <br>the UnifiedPush Server very soon, so then I would prefer some quick firewall rule rather than waiting <br>for a new release.<br><br></div><div>Thanks for the help so far!<br><br>Andreas<br><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-11-24 13:57 GMT+01:00 Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Good morning Andreas, I think what you're looking for is something like<br>
this[1], right?<br>
<br>
That's an interesting scenario. I think if we extracted the registration<br>
module to a separated WAR file, would help to protect /ag-push<br>
infrastructure. Not sure if the idea is interesting.<br>
<br>
Thoughts anyone?<br>
<br>
<br>
[1] -<br>
<a href="http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.18" target="_blank">http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.18</a><br>
<div><div class="h5"><br>
On 2014-11-24, Andreas Røsdal wrote:<br>
> Hello!<br>
><br>
> I would like to security advice for running the Aerogear UnifiedPush Server<br>
> for sending Push messages to an iPhone app. The app-server is Wildfly, and<br>
> HTTPS is enabled. It is important to prevent unauthorized push messages<br>
> from being sent. Do you have any documentation or general advice for<br>
> securing Aerogear UnifiedPush Server?<br>
><br>
> I would like to setup firewall rules to prevent users on the internet to<br>
> log in to the UnifiedPush Admin gui /ag-push/ while still allowing<br>
> registration of iPhone app/device tokens though the same UnifiedPush Admin<br>
> server. What kind of URL pattern can I use to prevent admin logins<br>
> externally?<br>
><br>
><br>
> Regards,<br>
> Andreas R.<br>
<br>
</div></div>> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote></div><br></div>