• Post Reply Bookmark Topic Watch Topic
  • New Topic

I want to only accept a connection when a person clicks a link from a seperate host and application.  RSS feed

 
Abe Smith
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What I have is a web application running on tomcat on Server 1.

I then have a web application running on apache on Server 2.

I only want to allow connections from people who click a URL link in the web app on Server 2 to have access to Server 1's web application.

I have tried using Valve's but im not gettin the desired affect. I would like to implement a way to provide this functionality with the least amount of involvement or coding.

Any help is appreciated.

Abe
 
Paul Clapham
Sheriff
Posts: 22708
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The URL of the page from which the request was sent is usually found in the "Referer" HTTP header in the servlet request. So look at that header and compare it to what you want to see there.

Note that this isn't 100% reliable. It's possible to tell your browser to not send referrer information, and it's possible for a bot to send anything it likes as the referrer. However it's the best you're going to get unless you implement some kind of distributed single-sign-on system. And you did mention you didn't want to do a whole lot of work.

(And yes the name of the header is "Referer" and not "Referrer".)
 
Jaikiran Pai
Sheriff
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Perhaps the Remote Address valve or Remote Host valve might help.
 
Abe Smith
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Would it be possible to check for a cookie from Server 2 and if it doesn't exist give a page not found error ?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!