Restrict external Access to Portal Application IDs - Intergraph Smart Materials - Version 10.2 - Installation & Upgrade - Hexagon

Intergraph Smart Materials Installation (10.2)

Language
English
Product
Intergraph Smart Materials
Subproduct
Classic
Search by Category
Installation & Upgrade
Smart Materials/Smart Reference Data Version
10.2

If you have an on-premise installation of APEX and you have Portal in use to allow external suppliers accessing your database, you should separate the Portal and the Smart Materials Application Server, as shown on the picture below.

SMatPortalCommunication

On these application servers, use the mod_rewrite module for Apache and Tomcat to define rewrite rules.

For more information about Apache mod_rewrite see https://httpd.apache.org/docs/current/mod/mod_rewrite.html

For Tomcat rewrite see https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html

Smart Materials Web and Portal use different Application IDs, which can be used as basis for the rules. The table below shows all available application IDs.

Application ID

Application Name

101

Intergraph Smart Materials

102

Intergraph Smart Materials – Web Approval

103

Intergraph Smart Materials – AOP (APEX Office Print)

110

Intergraph Smart Materials - Common

120

Intergraph Smart Materials - Others

150

Intergraph Smart Materials - Dashboards

200

Intergraph SMart Materials - Bill of Materials

210

Intergraph SMart Materials – Bill of Materials > Line List

300

Intergraph SMart Materials - Requisitions

400

Intergraph SMart Materials - Administration

500

Intergraph SMart Materials - Site

510

Intergraph SMart Materials - Site > Stores Requisition

520

Intergraph Smart Materials - Subcontract Management

600

Intergraph SMart Materials - BIR

700

Intergraph SMart Materials - Procurement

900

Intergraph SMart Materials – Customer Sample

1000

Smart Materials Portal - Launcher

1002

Smart Materials Portal - Registration logged in

1003

Smart Materials Portal - Inquiries

1004

Smart Materials Portal - Subcontracting

1005

Smart Materials Portal - Packing

1007

Smart Materials Portal - Freight Forwarding

To restrict the access only to the Smart Materials Portal related application IDs, the Application Server Apache should be configured to define blacklists and whitelists as shown in the examples below.

## Enable the rewriting engine

RewriteEngine on

## Admin page is not allowed

RewriteCond %{QUERY_STRING} (.*)f?p=4550(.*) [NC]

RewriteRule ^/smatweb/(..*) /smatweb/- [F]

## All applications which ID starting with 2 to 9 are not allowed

RewriteCond %{REQUEST_URI}%{QUERY_STRING} /smatweb/f?p=(([2-9])[0-9]*:.*) [NC]

RewriteRule ^/smatweb/(..*) /smatweb/- [F]

## All applications with ID between 100 and 199 are not allowed

RewriteCond %{REQUEST_URI}%{QUERY_STRING} /smatweb/f?p=(([1]{1})([0-9]{1})([0-9]{1}):.*) [NC]

RewriteRule ^/smatweb/(..*) /smatweb/- [F]

## Only applications 1000,1001,1002,1003,1004,1005,1006,1007,1008 and 1009 are allowed

RewriteCond %{REQUEST_URI}%{QUERY_STRING} /smatweb/f?p=(([0-9])[0-9]*:.*) [NC]

RewriteCond %{REQUEST_URI}%{QUERY_STRING} !/smatweb/f?p=(([1]{1})([0]{1})([0]{1})([0123456789]{1}):.*) [NC]

RewriteRule ^/smatweb/(..*) /smatweb/- [F]

ProxyPass /smatweb/admin !

ProxyPass /i ajp://localhost:8009/i

ProxyPass /smatweb ajp://localhost:8009/smatweb