AnsweredAssumed Answered

How to restrict such that endusers will not able to view workflows

Question asked by Usha Rani on Oct 17, 2018

Hello,

 

How to restrict such that endusers will not able to view workflows.

##

Back ground:

We have RSA appliance installed in one RHEL server (let’s say IP - 10.10.10.10). The application is accessible over https://10.10.10.10:8443/aveksa/main. Now, we have configured Apache HTTPD in another RHEL server (let’s say IP - 20.20.20.20) and HTTPD is communicating with application server and application is accessible over apache server IP. The URL https://20.20.20.20/aveksa/main is redirecting (proxying) internally and showing application pages and modules perfectly. FQDN is registered for this apache server to access RSA application with https://itaccess.company.com. So, users are accessing the RSA application over https://itaccess.company.com

 

 

20.20.20.20 is communicating with 10.10.10.10 over 8080 port. Virtual host configuration in 20.20.20.20 as below -

 

 

ProxyPass "/" "http://10.10.10.10:8080/" retry=0 acquire=3000 timeout=1200 Keepalive=On

ProxyPassReverse "/" "http://10.10.10.10:8080/" timeout=1200

SetEnv proxy-nokeepalive 1

 

The application is accessible and all modules working as expected (including change requests processing and all). Have tried adding another proxy and proxy bypass with 8443 port as well but failed (8080 and 8443 both the ports open from web server to app server)

 

After making changes in proxy configuration file and unprotect the aveksaWFArchitect URL, the users with admin rights and endusers also able to view workflow.

 

We want to restrict end users to not view workflows, can you please suggest how to do this.

Outcomes