7:39 a.m.
Hi Andreas,
On Mon, Nov 24, 2014 at 2:23 PM, Andreas Røsdal <andreas.rosdal(a)gmail.com>
wrote:
Good morning!
> I think what you're looking for is something like this[1], right?
Maybe this could be secured using Netfilter on Linux, I would be
interested in hearing more about this.
Initially, I thought I would be looking for a F5 firewall iRule kind of
like this:
-Allow: /ag-push/(registration)
-Deny: /ag-push/(admin-gui) and /ag-push/(java-api-access)
Is /ag-push/ is designed to be exposed to the public Internet?
well, it's up to you :) if you have different remote systems, that need to
contact the server -> you wanna expose the /sender part too. if not ->
block it
As you said earlier, the only one that really needs to be exposed to public
is the device registration.
>That's an interesting scenario. I think if we extracted the registration
>module to a separated WAR file, would help to protect /ag-push
>infrastructure. Not sure if the idea is interesting.
That is an interesting point, and worth evaluating.
Internally of that "registration.war", we could simply act as a proxy to
the 'real' registration (on the ag-push.war), which is blocked by the
firewall.
-Matthias
Yes, that would be interesting as a more long-term solution. I would like
to start using
the UnifiedPush Server very soon, so then I would prefer some quick
firewall rule rather than waiting
for a new release.
Thanks for the help so far!
Andreas
2014-11-24 13:57 GMT+01:00 Bruno Oliveira <bruno(a)abstractj.org>:
> Good morning Andreas, I think what you're looking for is something like
> this[1], right?
>
> That's an interesting scenario. I think if we extracted the registration
> module to a separated WAR file, would help to protect /ag-push
> infrastructure. Not sure if the idea is interesting.
>
> Thoughts anyone?
>
>
> [1] -
>
> http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.h...
>
> On 2014-11-24, Andreas Røsdal wrote:
> > Hello!
> >
> > I would like to security advice for running the Aerogear UnifiedPush
> Server
> > for sending Push messages to an iPhone app. The app-server is Wildfly,
> and
> > HTTPS is enabled. It is important to prevent unauthorized push messages
> > from being sent. Do you have any documentation or general advice for
> > securing Aerogear UnifiedPush Server?
> >
> > I would like to setup firewall rules to prevent users on the internet to
> > log in to the UnifiedPush Admin gui /ag-push/ while still allowing
> > registration of iPhone app/device tokens though the same UnifiedPush
> Admin
> > server. What kind of URL pattern can I use to prevent admin logins
> > externally?
> >
> >
> > Regards,
> > Andreas R.
>
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf