Hello Aaron, You can disable self-registering on OM server, so no-one can login .... You can close access to OM Tomcat, set up frontend proxy (Apache web server for ex.) And tune your access rules at Apache web server
On Sat, Feb 24, 2018 at 1:25 AM, Aaron Hepp <aaron.h...@gmail.com> wrote: > I currently have a CSM website (xyz.com) that resides at my web hosting, and > an OM installation on a VPS (server.xyz.com - via A record) not on the same > servers. My question; is there a way to stop direct access to > server.xyz.com and only allow access if the request comes xyz.com. Since > this is based off Tomcat I have not been successful in finding a way to stop > direct access. > > I have "slowed" it down by changing the internal name (original > server.xyz.com rediected you to server.xyz.com/openmeetings now site is > server.xyz.com/newname) this causes anyone going directly to server.xyz.com > gets a 404 error due to openmeetings no longer being the name, but once a > user successfully goes through the CSM site and knows the location of the OM > installation, then they just use the direct name instead of signing into the > CSM site thus not logging them as a visit. > > Was not sure if anyone had ran across this type of setup before and had a > fix/work around that can be implemented to only allow access to the OM > installation if the link was from xyz.com > > Thank you > -- WBR Maxim aka solomax
