If you have an on-premise installation of APEX and you have Portal in use to allow external suppliers accessing your database, you should separate the Portal and the Smart Materials Application Server, as shown on the picture below.
On these application servers, use the mod_rewrite module for Apache and Tomcat to define rewrite rules.
For more information about Apache mod_rewrite see https://httpd.apache.org/docs/current/mod/mod_rewrite.html
For Tomcat rewrite see https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html
Smart Materials Web and Portal use different Application IDs, which can be used as basis for the rules. The table below shows all available application IDs.
Application ID |
Application Name |
---|---|
101 |
Intergraph Smart Materials |
102 |
Intergraph Smart Materials – Web Approval |
103 |
Intergraph Smart Materials – AOP (APEX Office Print) |
110 |
Intergraph Smart Materials - Common |
120 |
Intergraph Smart Materials - Others |
150 |
Intergraph Smart Materials - Dashboards |
200 |
Intergraph SMart Materials - Bill of Materials |
210 |
Intergraph SMart Materials – Bill of Materials > Line List |
300 |
Intergraph SMart Materials - Requisitions |
400 |
Intergraph SMart Materials - Administration |
500 |
Intergraph SMart Materials - Site |
510 |
Intergraph SMart Materials - Site > Stores Requisition |
520 |
Intergraph Smart Materials - Subcontract Management |
600 |
Intergraph SMart Materials - BIR |
700 |
Intergraph SMart Materials - Procurement |
900 |
Intergraph SMart Materials – Customer Sample |
1000 |
Smart Materials Portal - Launcher |
1002 |
Smart Materials Portal - Registration logged in |
1003 |
Smart Materials Portal - Inquiries |
1004 |
Smart Materials Portal - Subcontracting |
1005 |
Smart Materials Portal - Packing |
1007 |
Smart Materials Portal - Freight Forwarding |
To restrict the access only to the Smart Materials Portal related application IDs, the Application Server Apache should be configured to define blacklists and whitelists as shown in the examples below.
## Enable the rewriting engine
RewriteEngine on
## Admin page is not allowed
RewriteCond %{QUERY_STRING} (.*)f?p=4550(.*) [NC]
RewriteRule ^/smatweb/(..*) /smatweb/- [F]
## All applications which ID starting with 2 to 9 are not allowed
RewriteCond %{REQUEST_URI}%{QUERY_STRING} /smatweb/f?p=(([2-9])[0-9]*:.*) [NC]
RewriteRule ^/smatweb/(..*) /smatweb/- [F]
## All applications with ID between 100 and 199 are not allowed
RewriteCond %{REQUEST_URI}%{QUERY_STRING} /smatweb/f?p=(([1]{1})([0-9]{1})([0-9]{1}):.*) [NC]
RewriteRule ^/smatweb/(..*) /smatweb/- [F]
## Only applications 1000,1001,1002,1003,1004,1005,1006,1007,1008 and 1009 are allowed
RewriteCond %{REQUEST_URI}%{QUERY_STRING} /smatweb/f?p=(([0-9])[0-9]*:.*) [NC]
RewriteCond %{REQUEST_URI}%{QUERY_STRING} !/smatweb/f?p=(([1]{1})([0]{1})([0]{1})([0123456789]{1}):.*) [NC]
RewriteRule ^/smatweb/(..*) /smatweb/- [F]
ProxyPass /smatweb/admin !
ProxyPass /i ajp://localhost:8009/i
ProxyPass /smatweb ajp://localhost:8009/smatweb