How to prevent or restrict the usage of ?.do back door to backend

04-05-2022 03:47 AM
Does anyone know how we could either prevent or at least restrict the usage of "?.do" back door to backend?
As you well know, many customers want to restrict the end users = roleless users from going to the backend. There are some OOTB ways to automatically redirect (roleless) users from the backend (nav_to.do) to the portal, but they do not get triggered when ?.do is used. Neither have I found a way to prevent the usage of this method for named or even all users. Any thoughts on this?
What I have tried is: I created a UI page with name '?' and tried creating various ACL rules for it. No effect.
I also created a Support ticket for this.
- Labels: Platform and Cloud Security

12-27-2022 04:07 AM
Hi Philippe,
Nope, that property does not prevent users accessing the backend from using ?.do. Please test / check any possible solutions before posting them in the Community.
Could you please elaborate on what you mean by this:
"Make sure UI Actions and pages have roles, there is an instance check suite that will do multiple testing:
/scan_check_suite.do%3Fsys_id%3D833655cc1b94101046e87733cd4bcb4e"

12-27-2022 06:45 AM
Hi AnttiP,
Sorry, was just trying to give you a lead here. We are using this property to prevent external users from accessing the platform and the documentation states:
To set a login specifically for users with no roles, you can apply these same steps and use the glide.entry.loggedin.page_ess property.
Sorry it does not help you.