On Mon, 2014-11-24 at 13:27 +0100, Andreas Røsdal wrote:
> Hello!
> I would like security advice for running the Aerogear UnifiedPush Server
> for sending Push messages to an iPhone app. The app-server is Wildfly, and
> HTTPS is enabled. It is important to prevent unauthorized push messages
> from being sent. Do you have any documentation or general advice for
> securing Aerogear UnifiedPush Server?
> I would like to set up firewall rules to prevent users on the internet from
> logging in to the UnifiedPush Admin gui /ag-push/ while still allowing
> registration of iPhone app/device tokens through the same UnifiedPush Admin
> server. What kind of URL pattern can I use to prevent admin logins
> externally?

I'd say hide ag-push to be accessible only on a particular interface
available in your internal network and create a proxy WAR accessible on
public network that will "forward" sender and registration requests to
ag-push WAR.

> Regards,
> Andreas R.
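
The routing decision such a proxy WAR has to make, sketched as an added example (not code from this thread or from the AeroGear project): a default-deny allowlist matched against the raw request path, so the admin GUI is never reachable from outside. The class name is hypothetical, and the endpoint paths and token format are assumptions to confirm against your UnifiedPush Server version.

```java
import java.util.List;
import java.util.regex.Pattern;

/** Default-deny route check for a public proxy in front of an internal ag-push. */
public class PushProxyAllowlist {

    /** One permitted (HTTP method, raw path pattern) pair. */
    record Rule(String method, Pattern path) {}

    // Assumed endpoint paths and token format; verify for your server version.
    static final List<Rule> RULES = List.of(
        new Rule("POST",   Pattern.compile("/ag-push/rest/registry/device")),
        new Rule("DELETE", Pattern.compile("/ag-push/rest/registry/device/[0-9A-Fa-f]{1,256}")),
        new Rule("POST",   Pattern.compile("/ag-push/rest/sender")));

    /**
     * @param method  HTTP method as received
     * @param rawPath undecoded path without query string, e.g. the value of
     *                HttpServletRequest.getRequestURI() in a servlet filter
     */
    static boolean isForwardable(String method, String rawPath) {
        if (method == null || rawPath == null) return false;
        for (Rule r : RULES) {
            // matches() anchors both ends of the pattern, so dot segments,
            // percent-encoding, ";param" suffixes and extra path components
            // all fall through to the default deny below.
            if (r.method().equals(method) && r.path().matcher(rawPath).matches()) {
                return true;
            }
        }
        return false; // everything else, including the /ag-push/ admin GUI
    }

    public static void main(String[] args) {
        // Constructed sample requests, not captured traffic.
        String[][] samples = {
            {"POST",   "/ag-push/rest/registry/device"},
            {"DELETE", "/ag-push/rest/registry/device/0a1b2c3d4e5f"},
            {"POST",   "/ag-push/rest/sender"},
            {"GET",    "/ag-push/"},
            {"GET",    "/ag-push/rest/sender"},
            {"POST",   "/ag-push/rest/sender/../"},
            {"POST",   "/ag-push/rest/sender;x=1"},
        };
        for (String[] s : samples) {
            System.out.printf("%-6s %-45s -> %s%n", s[0], s[1],
                isForwardable(s[0], s[1]) ? "forward" : "403");
        }
    }
}
```

Only the first three sample requests are forwarded. Allowlisting the few paths that must be public avoids having to enumerate every admin URL in a blocklist.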
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev