Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi All,
We have Qlik Sense installed in our network and users can log into our product (web application) and see Qlik dashboards embedded there (Iframe).
Currently, every user in the network can open a browser and surf to:
https://HOSTNAME/qmc
Of course they can't change anything because they are not RootAdmin user.
My question:
Is it possible to prevent those users to reach QMC from their own desktop (browsers)?
I'd like to make it possible to connect to QMC only if the user is logged to the Server that hosting Qlik Sense.
I hope my intention is clear 🙂
Thanks,
Eli.
Not inside of Qlik Sense.
You can certainly do so in Apache / IIS / Nginx. It is a different use case entirely but here's a conf for Nginix which is blocking a variety of endpoints:
worker_processes 1;
events {
worker_connections 512;
}
http {
access_log off;
upstream qlikwebsocket {
server 172.31.58.240:443;
}
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_min_length 512;
gzip_types application/javascript application/json application/vnd.ms-fontobject application/x-font-ttf application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
server {
listen 443 ssl;
server_name server.company.com;
ssl_certificate /etc/nginx/ssl/company_com.pem;
ssl_certificate_key /etc/nginx/ssl/company_com_nopass.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header Host $http_host;
proxy_pass https://qlikwebsocket;
proxy_read_timeout 60m;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /(hub|anon/hub|dev-hub|qmc)/ {
deny all;
return 403;
}
}
}
Just for the clarification, I don't want that every user can reach the QMC as in the screenshot below:
Only user that logged to the Qlik sense server would be able to access the QMC from the server itself.
Not inside of Qlik Sense.
You can certainly do so in Apache / IIS / Nginx. It is a different use case entirely but here's a conf for Nginix which is blocking a variety of endpoints:
worker_processes 1;
events {
worker_connections 512;
}
http {
access_log off;
upstream qlikwebsocket {
server 172.31.58.240:443;
}
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_min_length 512;
gzip_types application/javascript application/json application/vnd.ms-fontobject application/x-font-ttf application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
server {
listen 443 ssl;
server_name server.company.com;
ssl_certificate /etc/nginx/ssl/company_com.pem;
ssl_certificate_key /etc/nginx/ssl/company_com_nopass.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header Host $http_host;
proxy_pass https://qlikwebsocket;
proxy_read_timeout 60m;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /(hub|anon/hub|dev-hub|qmc)/ {
deny all;
return 403;
}
}
}
Many thanks, @Levi_Turner !