Limit the remote access to desinger & gateway config page

nader.chinichian · October 30, 2020, 6:05pm

Hi,
When we open port 8088 or 443 to get remote access perspective web pages we also make possible remote access to the designer and gateway config pages. So if some one can get password he can easily go to config page and change all security setting.

I believe if we have separate port for desinger and gateway from perspective port it is much safer for remote access applications.
We can drop any access to that port with firewall and even user and password are compremised at least with using security zone(that limit all outside IP) the hacker can’t send any command.

pturmel · October 31, 2020, 12:40pm

Please don’t. If you really need this, use a load balancer/proxy to forward only the parts of the hierarchy you wish to permit to outsiders.

nader.chinichian · October 31, 2020, 7:35pm

Ok but when every things are in port 443 or 8088 how proxy can differentiate them?

pturmel · November 1, 2020, 7:28pm

Load balancers and reverse proxies can look at the path of a URL to decide how/if to proxy.