I have OwnCloud setup and it has a feature called External Site. It loads a site in an iframe, so you can stay in the websites shell.
I have a page running on a reverse proxy. Is there anyway to only allow the OwnCloud page to access the reverse proxy while blocking any other connections to it?
So in this situation, the OwnCloud site is publically accessible but I don’t want the reverse proxy to be.
On apache2, Ubuntu 14.04, own cloud 7
Answer
With an iframe, the user’s browser is still loading the page assets directly, so there’s no good way to limit by IP or anything similar to that. So, what you’re describing is really more security by obscurity, which isn’t true security at all.
In the end, you need to protect your reverse proxied application with some type of authentication.
Attribution
Source : Link , Question Author : soundsofpolaris , Answer Author : EEAA
