Hello!

I would like to security advice for running the Aerogear UnifiedPush Server for sending Push messages to an iPhone app. The app-server is Wildfly, and HTTPS is enabled. It is important to prevent unauthorized push messages from being sent. Do you have any documentation or general advice for securing Aerogear UnifiedPush Server?

I would like to setup firewall rules to prevent users on the internet to log in to the UnifiedPush Admin gui /ag-push/ while still allowing registration of iPhone app/device tokens though the same UnifiedPush Admin server. What kind of URL pattern can I use to prevent admin logins externally?

Regards,
Andreas R.