securing server to server http post

Posted by ad-inf on Server Fault See other posts from Server Fault or by ad-inf
Published on 2012-11-17T02:45:35Z Indexed on 2012/11/17 5:03 UTC
Read the original article Hit count: 453

Filed under:
|
|

Website is developed on JSF, Servlet, using apache web server. In my website, I accept data submission from few restricted websites using HTTP POST method. We exchange some secure key to ensure that correct source is sending data.

But is there any way to ensure that the data is submitted from specific domain / IP address only? In application level I can check request.header('Referer') , but some proxy or firewall might hide the referer. Can this configuration done on firewall or webserver level to authenticate server to server communication?

Eg. Say my website is a payment gateway website, integrated with www.abc.com. I want only abc.com to submit data. So a user using abc.com should be able to submit data to my website only through abc.com, and not any other website.

© Server Fault or respective owner

Related posts about webserver

Related posts about firewall