I currently have a CSM website (xyz.com) that resides at my web hosting,
and an OM installation on a VPS (server.xyz.com - via A record) not on
the same servers. My question; is there a way to stop direct access to
server.xyz.com and only allow access if the request comes xyz.com.
Since this is based off Tomcat I have not been successful in finding a
way to stop direct access.
I have "slowed" it down by changing the internal name (original
server.xyz.com rediected you to server.xyz.com/openmeetings now site is
server.xyz.com/newname) this causes anyone going directly to
server.xyz.com gets a 404 error due to openmeetings no longer being the
name, but once a user successfully goes through the CSM site and knows
the location of the OM installation, then they just use the direct name
instead of signing into the CSM site thus not logging them as a visit.
Was not sure if anyone had ran across this type of setup before and had
a fix/work around that can be implemented to only allow access to the OM
installation if the link was from xyz.com
- Blocking Direct Access Aaron Hepp