securing server to server http post
Posted
by
ad-inf
on Server Fault
See other posts from Server Fault
or by ad-inf
Published on 2012-11-17T02:45:35Z
Indexed on
2012/11/17
5:03 UTC
Read the original article
Hit count: 453
Website is developed on JSF, Servlet, using apache web server. In my website, I accept data submission from few restricted websites using HTTP POST method. We exchange some secure key to ensure that correct source is sending data.
But is there any way to ensure that the data is submitted from specific domain / IP address only? In application level I can check request.header('Referer') , but some proxy or firewall might hide the referer. Can this configuration done on firewall or webserver level to authenticate server to server communication?
Eg. Say my website is a payment gateway website, integrated with www.abc.com. I want only abc.com to submit data. So a user using abc.com should be able to submit data to my website only through abc.com, and not any other website.
© Server Fault or respective owner