Restricting access to write usage log data

It may be desired to restrict access to the /usage/log endpoint for persisting data. This can be done by setting up a list of allowed host names. Those host names will be tested against the http Header value Referer. The referrer value typically contains the url of the web page sending the request.

default-application.properties
analytics.usagelog.referers=*

The default setting allows for sending usage/log requests from anywhere, but assuming the setting below applies the following http referer values are accepted by the usage/log endpoint:

  • http://mydomain.com/application/index.html

  • https://mydomain.com/webapp/somePage.jsp

  • https://www.myotherdomain.eu/client.aspx

Not accepted at the endpoint:

  • http://www.myotherdomain.eu/client.aspx (because the setting explicitly points to https protocol)

  • http://www.conterra.de/some-page.html (because the URL is not even listed in the property)

application.properties
analytics.usagelog.referers=mydomain.com,https://www.myotherdomain.eu