You should be able to block external access to the port via your external firewall.
Some options are: 1. If the server side functions are happening on the same server as OrientDB, make sure that local server side connections happen via the loopback address 127.0.0.1. 2. Another option: set up another LAN IP (ex: 192.168.0.22) for internal access to the database via the REST API. Then set your firewall to block access from the other external IP address. 3. If you're restricted to 1 IP (ex: some cloud systems or VPS), you have a few options. One is, you can use a VPN for internal access. Another is, that you should still be able to create a whitelist of IPs that can access the server on that port. It depends on your OS and your firewall. On Tuesday, March 18, 2014 2:18:43 PM UTC-4, Gaurav Dhiman wrote: > > Stefan, > > Thanks for response. > I want to restrict default REST access but want to allow access through > OrientDB server side functions, so blocking port will even block access to > functions defined in OrientDB. > > Example: > I want to block calls like > http://<host>:<port>/document/<db>/5:3 > http://<host>:<port>/cluster/<db>/demoClass > > Want to still have REST access to functions defined in OrientDB; call like: > http://<host>:<port>/function/<db>/myFunction/arg1/arg2 > > > Regards, > Gaurav > > > > On Tuesday, March 18, 2014 11:17:02 PM UTC+5:30, [email protected] > wrote: >> >> Hi, >> >> You can block the port that OrientDB runs on. >> You can either do this locally on the machine or limit access to the >> machine if it's running on a sub-net. >> >> Regards, >> -Stefán >> >> >> >> On Tuesday, 18 March 2014 12:52:51 UTC, Gaurav Dhiman wrote: >>> >>> Thanks Dexter for info. >>> >>> Building our REST layer is always an option but that does not block the >>> direct DB access. If a user directly connects to DB on bare HTTP/REST, he >>> will be able to access thins on it in his/her browser, I want to block that >>> and only allow access through functions defined at OrientDB end. >>> >>> Thanks again for sharing your idea. >>> >>> Regards, >>> Gaurav >>> >>> >>> >>> On Sunday, March 16, 2014 12:19:33 AM UTC+5:30, Dexter Pratt wrote: >>>> >>>> In our case, we built our own REST server application to implement our >>>> API - which is responsible for authentication, authorization, and limits >>>> on >>>> queries - and it accesses OrientDB. >>>> >>>> It would be cool to do the whole thing in Orient, but our cases >>>> are sufficiently complex that I think we need the separate REST server >>>> layer. >>>> >>>> I'll be interested to see how far you can push this. >>>> >>>> - Dexter >>>> >>>> Dexter Pratt >>>> Director, NDEx project >>>> Ideker Lab UCSD / Cytoscape Consortium >>>> [email protected] - [email protected] >>>> www.ndexbio.org >>>> >>>> On Saturday, March 15, 2014 at 11:39 AM, Gaurav Dhiman wrote: >>>> >>>> Any suggestions on this? >>>> How to block default HTTP/REST access to DB and only allow access on >>>> HTTP/REST through server side functions ? >>>> >>>> Any suggestions will help a lot. >>>> >>>> Regards, >>>> Gaurav >>>> >>>> >>>> >>>> On Thursday, March 13, 2014 8:55:14 PM UTC+5:30, Gaurav Dhiman wrote: >>>> >>>> Hi, >>>> >>>> I do not want the default HTTP/REST access open for anyone to look into >>>> DB (even logged-in user). >>>> I want to give access on HTTP/REST through server defined functions >>>> only, all other REST access should not be allowed. >>>> >>>> How to achieve it ? >>>> >>>> Regards, >>>> Gaurav >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "OrientDB" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> >>>> -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
