Hack 85. Control Access to Certain Sites


If your company uses a proxy server, don't tell MDS about it.

When the Mobile Data Service was first released with BlackBerry Enterprise Server Version 3.5, it had poor support for proxy servers. You couldn't configure it with an auto-proxy, which a lot of companies use to provide Internet access to users. At that time, you could only configure the server to either use a proxy for all HTTP requests or use a proxy for none. There wasn't any "no proxy" list that told the service to contact certain servers directly, bypassing the proxy. This was initially a show-stopper for many MDS deployments.

BES 3.6 solved some of these issues by allowing access to an auto-proxy, and MDS deployments were more plentiful; however, without any bypass proxy list some deployments were left choosing between allowing access to intranet or Internet sites but not both. With BES 4.0, there are significant enhancements to the level of control you have over specific URLs. If you are the security-conscious type and don't like your users having any fun at all, there are several different ways you can control what your users have access to with the Mobile Data Service.

8.2.1. Hack the Proxy Settings in BES 3.6

While the possibilities are limited with BES 3.6 compared to the feature set of 4.0, there are some tricks you can use to control access to URLs. If your company requires the use of a proxy server to access Internet sites, you could use that requirement to exclude any access to Internet sites from your BlackBerry users by simply not including the proxy configuration in your instance of MDS. This would instruct the Mobile Data Service to make a direct connection to all sites the Internet site would be inaccessible (since the firewall denies any direct connection), while intranet sites could easily be reached. Figure 8-1 shows the settings page for the proxy configuration on a BES 3.6 server.

Figure 8-1. BES 3.6 Proxy Configuration settings


If your company uses a proxy that is configured to make HTTP requests only to Internet sites, you're not quite out of luck if you want your users to have access to both intranet and Internet sites. You could code a very simple proxy that knows which URLs define your intranet and could choose whether to use your "real" proxy to access intranet sites or contact intranet sites directly. Although this sounds like a complicated program, it can be accomplished with just a few lines of Perl. (Of course, what can't be?)


8.2.2. Use the Advanced Features in BES 4.0

The Mobile Data Service included with BlackBerry Enterprise Server 4.0 has features that the 3.6 version could only dream of. Not only can you configure standard and auto-proxy configurations, but you can configure custom proxy addresses for particular URLs. You can even assign a proxy to URLs that match a complex regular expression.

To set up these advanced configurations, you can use the Proxy Mapping feature of the Mobile Data Service included with BlackBerry Enterprise Server 4.0. Figure 8-2 shows the dialog that is used to set up a new HTTP Proxy Server mapping.

Figure 8-2. The New HTTP Proxy Server Mapping dialog


Select the Use template option to use a regular expression to match a specific portion of the URL or use the "Use custom regular expression" option to use the entire URL. Once you've added the regular expression, in the Proxy String section, you can specify that the HTTP requests that match be excluded from a proxy or you can configure a custom proxy. This is where you would configure a bypass proxy list of URLs.

8.2.3. Hack the Hack

The capabilities in BES 4.0 provide full support for your bypass proxy lists and allow you to set up some pretty cool configurations. For example, you could create a configuration that disallows access to all URLs except those that you've explicitly allowed. Conversely, you could set up a disallow list for web sites to prevent access to certain URLs. You can configure MDS to send requests for those sites to a page that warns users that they've requested content that is deemed inappropriate.

Figure 8-3 shows a proxy mapping configuration that allows access to google.com, but other requests are proxied through server.domain.com. You could make a simple web page available at server.domain.com that gives the user a custom message.

Figure 8-3. Custom proxy mappings


You could exclude all requests from a proxy except those that match your regular expressions. For the sites that match, you could set up a custom proxy that scrapes the content in the HTTP response and creates modified versions to send to the users. Check out Spidering Hacks (O'Reilly) for indepth information on parsing HTML on the Web.



BlackBerry Hacks
Blackberry Hacks: Tips & Tools for Your Mobile Office
ISBN: 0596101155
EAN: 2147483647
Year: 2006
Pages: 164
Authors: Dave Mabe

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net