How to protect my webserver from unauthorized client applications?

Question

I would like to host simple HTTP webservices and develop a web client for it (basic javascript app in the browser).

any person (even without registering) shold be able to access the webservices but only via my web client.
other web clients should not be able to achieve a meaningful interaction with the webservices

What could I do to achieve this? At least to some extend? Is this even possible?

You should be able to refuse a connection if there are used other web clients to connect to your server as the one you wish. Like blocking all webclients but yours while they try to connect to your server — Dr3xler, Nov 18 '19 at 18:01
@Joseph Sible Isn't it possible to refuse fingerprints from other webclients? — Dr3xler, Nov 18 '19 at 18:05
@Dr3xler You mean the User-Agent header? Yes, but that's trivially forgeable. — Joseph Sible-Reinstate Monica, Nov 18 '19 at 18:07

score -1 · Answer 1 · answered Nov 18 '19 at 18:03

-1

This isn't possible. It would be equivalent to effective DRM, which as has been discussed many times before, is impossible.

answered Nov 18 '19 at 18:03

1

While largely true, this answer is too short to be really helpful. Would you care to expand upon this? – Conor Mancone Nov 18 '19 at 18:05
It's not possible "at least to some extent"? Sure it is. – schroeder Nov 18 '19 at 18:39

1 Answers1