Microsite Security
We have a requirement to allow customers to click on the View Online link in marketing emails to open the content in their browser. We need to expose the Microsite to the internet without compromising prweb and prgateway. We have a multi-node environment, with desiginated "click-through" nodes exposed to the internet for tracking Impressions and Click-throughs. We restrict access on the click-through nodes with a modified web.xml to only allow access to requests with URL pattern /PRHTTPService/*. Can something similar be done for a Microsite? Does the prgateway have to reside on the same node(s) as the Microsite and open to the internet, if so how would we restrict access to the configuration page?
Accepted Solution
Sprint
US
Thanks for the feedback. I was able to able to restrict traffic using the method described once we put Apache in front of Tomcat.
Pegasystems Inc.
AU
As you might know already, the Microsite URL is based on the following URL format, where the Site field is the name of the intended microsite:
Format: http://<Server Name>:<port>/MS/?Site=Microsite_Name
Did we try restricting the traffic on /MS/* pattern?
Regarding prgateway and microsite relation, the microsite works as a IAC gadget and hence the below tag in the microsite html page guides it to the location of prgateway war. I guess one can change that to point to the machine where prgateway is deployed.
pega.web.config.gatewayURL = "/prgateway/PRPCGateway/";
Can you please elaborate for which configuration page you want to restrict the access to? I am guessing the query is about the access of end user who wants to access the microsite content.
Please correct and elaborate.