I found the perfect answer for “How to stop bypassing SiteMinder to access any SM-protected application deployed on a JBoss / Apache backend server”.
- In JBoss:
We can restrict the IP addresses allowed to make incoming connection requests to JBoss. To restrict connections for a specific application, configure the valve in your application's WEB-INF/jboss-web.xml, for example:
    <jboss-web>
        <valve>
            <class-name>org.apache.catalina.valves.RemoteAddrValve</class-name>
            <param>
                <param-name>allow</param-name>
                <!-- Put SiteMinder SPS server IP -->
                <param-value>127.0.0.1,127.0.0.2</param-value>
            </param>
        </valve>
    </jboss-web>
Refer: https://access.redhat.com/solutions/18412
- In Apache:
With the help of the mod_authz_host module in Apache, we can restrict access to specific source IPs inside a virtual host. You can make the changes in conf/httpd.conf and conf.d/ssl.conf under your VirtualHost entry, as in the example below:
    <VirtualHost ServerHostname:Port>
        ServerAdmin ……..
        DocumentRoot ……..
        <Location />
            Order deny,allow
            Deny from all
            # Put SiteMinder SPS server IP; separate multiple addresses with spaces
            Allow from 127.0.0.1 127.0.0.2
        </Location>
    </VirtualHost>
Refer: http://stackoverflow.com/questions/19711716/apache-restrict-access-to-specific-source-ip-inside-virtual-host
Now the only way to access your application is through SiteMinder, and we are confident that SM requests cannot be tampered with. Enjoy Security!!!
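A way to check both allow lists before relying on them, as an added example that is not part of the original post: it reads the `allow` value of the RemoteAddrValve and the `Allow from` tokens of the Apache block, then flags entries that are not a single literal IP (a comma-joined `Allow from` token is read by Apache as one host name), entries that are not an SPS server, and SPS servers that are missing. The function names and the address 192.0.2.10 are assumptions, and the jboss-web.xml is assumed to have no XML namespace, as in the snippet above.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

def jboss_allow_list(xml_text):
    """RemoteAddrValve 'allow' entries from jboss-web.xml (no namespace assumed); None if no valve."""
    for valve in ET.fromstring(xml_text).iter("valve"):
        if (valve.findtext("class-name") or "").strip() == VALVE:
            for p in valve.iter("param"):
                if (p.findtext("param-name") or "").strip() == "allow":
                    return [e.strip() for e in (p.findtext("param-value") or "").split(",") if e.strip()]
            return []
    return None

def apache_allow_list(block):
    """'Allow from' tokens of a block that also has Order deny,allow and Deny from all; else None."""
    lines = [" ".join(l.split()).lower() for l in block.splitlines()]
    if "order deny,allow" not in lines or "deny from all" not in lines:
        return None
    hits = (re.match(r"allow from (.+)", l) for l in lines)
    return [tok for m in hits if m for tok in m.group(1).split()]

def audit(entries, sps_ips):
    """Findings for an allow list checked against the expected SiteMinder SPS addresses."""
    if entries is None:
        return ["no IP restriction configured"]
    findings = []
    for e in entries:
        try:
            ipaddress.ip_address(e)
        except ValueError:
            findings.append(f"not a single literal IP: {e}")
            continue
        if e not in sps_ips:
            findings.append(f"allowed but not an SPS server: {e}")
    return findings + [f"SPS server not allowed: {ip}" for ip in sorted(set(sps_ips) - set(entries))]

# Constructed sample input: 192.0.2.10 stands in for the SPS server.
SPS = {"192.0.2.10"}
JBOSS_XML = """<jboss-web><valve>
  <class-name>org.apache.catalina.valves.RemoteAddrValve</class-name>
  <param><param-name>allow</param-name><param-value>127.0.0.1,192.0.2.10</param-value></param>
</valve></jboss-web>"""
APACHE_BLOCK = "Order deny,allow\nDeny from all\nAllow from 192.0.2.10,127.0.0.1"

if __name__ == "__main__":
    for name, entries in (("jboss", jboss_allow_list(JBOSS_XML)), ("apache", apache_allow_list(APACHE_BLOCK))):
        print(name, audit(entries, SPS))
```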