In my application, the web server and media server are deployed on two PCs in an intranet network.
There is a feature in which the client browser requests media files located in the media server's file system. Due to security considerations, the media server is not publicly accessible; only the web server can access it. Currently, we are using a proxy on the web server to forward media file requests to the media server through the web server. But we don’t like this solution, because the forwarded media request URLs are still readable using Firebug or the Chrome console.
Any recommendations for requesting media files from the media server while also making these request URLs not readable in client browsers?
Thank you all!
UPDATE:
Thanks for all the replies, although somebody just gave me a ‘bad’ badge…
- Server accessibility: the web server is publicly accessible; the media server can only be accessed from the web server’s intranet IP, e.g., 192.168.0.1;
- We now have a proxy file on the web server to forward any media requests to the media server via the web server; the request URL through the proxy becomes, e.g., ‘proxy/http://192.168.0.1/test.jpg’
- We think this solution is not good, since with ‘proxy/http://192.168.0.1/test0.jpg’, if client users know the structure of the media files, they can just change it to ‘proxy/http://192.168.0.1/test1.jpg’ or whatever else. We want to restrict viewing of the files to authorized users through our application’s web page, and not let public users view these files if they know the URL ‘proxy/http://192.168.0.1/’
I am not sure whether I am just saying some nonsense..
Again, any comments are welcome.
Based on your goal of simply obscuring the media server URL, my approach would be to do a server-side transfer behind the scenes. I am not sure what framework you’re using (PHP, Ruby, ASP.NET, etc.), but there are probably multiple ways to do it.
In other words, your users will see this URL no matter what tool they use:
But the server forwards this request:
The user will never see that second URL (although they could guess it). This is just obscuring the URL, not securing it.
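
An added example, not part of the original answer or the asker's application: a Python sketch of a server-side transfer that also performs the per-user authorization check the question's update asks for, next to the proxy behaviour the question describes. The `MediaBroker` class, the `/media/<token>` URL form and the user names are assumptions for illustration; `192.168.0.1` and the file names come from the question.

```python
import secrets
import urllib.request

MEDIA_SERVER = "http://192.168.0.1"  # intranet address taken from the question


def naive_resolve(public_url):
    """The proxy from the question: the client supplies the internal URL."""
    return public_url[len("proxy/"):]  # whatever the client typed gets fetched


class MediaBroker:
    """Hypothetical helper: per-user opaque tokens instead of internal URLs."""

    def __init__(self, base_url):
        self.base_url = base_url
        self._grants = {}  # token -> (user, file path on the media server)

    def issue(self, user, path):
        """Call while rendering a page for an already authenticated user."""
        token = secrets.token_urlsafe(16)
        self._grants[token] = (user, path)
        return "/media/" + token  # the only URL the browser ever sees

    def resolve(self, session_user, public_url):
        """Return the internal URL to fetch, or None to answer 403/404."""
        if not public_url.startswith("/media/"):
            return None
        grant = self._grants.get(public_url[len("/media/"):])
        if grant is None or grant[0] != session_user:
            return None  # unknown token, or token issued to someone else
        return f"{self.base_url}/{grant[1]}"


def fetch(internal_url):
    """Server-side transfer: the web server reads the file and relays it."""
    with urllib.request.urlopen(internal_url, timeout=5) as resp:
        return resp.read()


if __name__ == "__main__":
    broker = MediaBroker(MEDIA_SERVER)
    url = broker.issue("alice", "test0.jpg")  # constructed sample user/file
    print(url)                                 # e.g. /media/<random token>
    print(broker.resolve("alice", url))        # internal URL, server-side only
    print(broker.resolve("bob", url))          # None: not bob's grant
```

In a real deployment the grants would live in the session store with an expiry rather than in an in-memory dictionary.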