Why is access allowed outside of the internal network? Should it be? Ideally, this would live inside the network firewall, making it automatically not accessible to the outside world.
Originally, I thought you might have it setup this way because you are using something like Amazon Web Services, but then I noticed the 10.* addresses - which would be internal only.
(If it is on AWS, etc. - then maybe that is the reason why your 10.* filter is not working?)
Assuming it isn't on AWS, have you considered putting some sort of firewall in front of it instead of just putting it out in the wild? Applications like an F5 support this type of filtering very easily.
1 of 1 people found this helpful
We have a similar scenario of external users coming in via a "client access portal" and then using trusted auth to render reports. Our solution to lock-down appropriate content is to leave the Tableau server inside the MPN, and then use an external load balancer that routes traffic from the outside portal and applies filtering rules to specify which URI requests are allowed to be routed to Tableau. It works quite well.
The application is used over the internet by our customers globally. Therefore we need to have the embedded Tableau views available with trusted authentication but want to prevent public access to the regular Tableau login functionality.
Oh, that makes sense. If you need it outside accessible, then I definitely agree with Jeffery's comment.
Put something in front of it and proxy back.
There are a ton of appliances that are built for this.
I was also thinking if an external load balancer would be able to filter requests based on URIs. We have the system running on AWS and are using an elastic load balancer, which unfortunately doesn't seem to support filtering based on URIs. I wouldn't want to add another device (perhaps a Linux box could do that) before the ELB so therefore was thinking about configuring Tomcat to filter the requests instead.
The thing is that adding Tomcat filter rules seems like something that could be done pretty easily, but it apparently the Tableau setup is somehow customized (?) and the configurations I tried do not take effect..
Our load balancer is nginx running on Linux and it has full config options. I plead ignorance toward anything else besides playing with the Tableau httpd.config (on dev) and not really having any success with it.