Video Screencast Help

Restrict Web application access from other sources then Symantec secure web application

Created: 08 Jan 2013 | 2 comments

Hi Everyone,

I can create secure web applicaion on the Nukona app center, but I am not sure how do we restrict user to visit to that web applicaion only through Nukon published applicaion. users offen visit the web applicaion via URL insteed of application. Can you help me with any solution or work around to restrict the user access url only from Nukon apps not from any browser by pasting the web URL in browser.

Thanks

Comments 2 CommentsJump to latest comment

mclemson's picture

This sort of functionality--restricting the sites or servers a wrapped application can access--is part of the 4.1 release of App Center.  Releases come frequently so I'd imagine it's a mid- to late-Q1 release.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

Andrew_C's picture

Mike,

I believe what this customer is referring to is how to ensure that the website is only accessed from a Symantec App Center Secure Web App.

manojmkss- can you please confirm this is the case? If so, the request is actually specific to securing the target web server, as opposed to configuring anything within Symantec App Center. Basically, you'd need to configure the target web server to only accept requests from the Secure Web App. Unfortunately, this is not likely easily done because the request is transparent as far as the web server is concerned.

I did a quick test to compare how an Apache web server (for example) identifies the client request between a Secure Web App, and direct access from the mobile device's web browser (Android 4.0.4 device):

 

Normal web browser access:
[IP address] - - [14/Jan/2013:15:41:02 -0800] "GET /portal/login HTTP/1.1" 200 1437 "-" "Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; GT-P3113 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30"
 
Secure Web App:
[IP address] - - [14/Jan/2013:15:44:49 -0800] "GET /portal/login HTTP/1.1" 200 1437 "-" "Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; GT-P3113 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30"
 
 
As you can see, as far as the web server is concerned, the requests are identical. Based on this result, I do not believe there is a way to restrict access, at the target web server level, to only requests coming from a Secure Web App.
 
There might be a creative workaround, but I'm not aware of one
 
Andrew