How to allow access to specific file

Hi to all,

We are implementig Microsoft Dynamic Business Central, which as app also include web api. Now for integrating api with third applications like web store, we had to put this api to public access (api uses port, so port forwarding to server). For security reasons I have also create firewall rule, to allow access only to listed static ip’s. Problem here is that Microsoft whant to have access to specific file from his azure servers (there is about 1000 ip’s, listed them to allow access is bad practise as they are also changing). My question is how to allow access to url like: mydomain.com/microsoft-bc/azurereadfile.htm but also have rule which allow access to mydomain.com/microsoft-bc (which is api access) only for listed ip’s in address list.

Thank you all for any help or sugeations.

Mikrotik is a L3/L4 firewall. It has some L7 functionality, but that doesn’t work at all if connection is encrypted (and modern web browsing uses https, so it’s encrypted).

Ergo, your request can not be fulfilled on Mikrotik firewall. You really should try to implement this kind of security on application level (API).

If you place a proper reverse proxy (RP), such as HAproxy or apache or nginx, in front of API and terminate TLS on that RP, then you should be able to do the filtering on RP.