Cobrowse.io Docs
  • Getting started
  • SDK Installation
    • Web
    • iOS
    • Android
    • React Native
    • Flutter
    • .NET Mobile
    • macOS
    • Windows
  • SDK Features
    • Account config
    • Identify your devices
    • Use 6-digit codes
    • Redact sensitive data
    • Viewing PDFs
    • Universal Cobrowse
    • Customize the interface
      • Active session controls
      • 6-digit code screen
      • User consent dialog
      • Remote control consent dialog
      • Full device consent dialog
      • Localization / translation
    • Initiate sessions with push
    • Listening for events
    • Full device capabilities
      • Full device screen sharing
      • Full device remote control
      • Managing full device mode
    • Advanced configuration
      • Starting and stopping the SDK
      • Declaring capabilities
      • Intercepting mobile SDK network requests
      • Web
        • IFrames support
        • IE 11 polyfills
        • Cross-domain session support
        • Ignore Views
      • iOS
        • Alternate render method
        • Custom touch handling
      • Android
        • Backporting TLS to older Android versions
  • Agent-side integrations
    • Agent-side overview
    • Platform integrations
      • Zendesk
      • Salesforce
        • Migrating from legacy to v2
        • Salesforce (Legacy)
      • Genesys
        • Genesys Cloud
        • Engage Workspace Web Edition (WWE)
        • Engage Workspace Desktop Edition (WDE)
      • Intercom
      • Freshworks
      • Talkdesk
      • NICE
    • Custom integrations
    • Agent SDK
      • API Reference
      • Sample code snippets
    • Authentication (JWTs)
      • JWT Policies
    • Authentication (SAML 2.0)
    • IFrame embeds
  • Enterprise self-hosting
    • Self-hosting overview
    • Docker Compose
    • Helm chart
      • Image Pull Secret
      • Environment Variables
      • Optional recording components
      • Pod Annotations
    • AWS terraform
      • AWS metrics configuration
    • Azure terraform
      • Azure metrics configuration
    • GCP terraform
      • GCP metrics configuration
    • Sizing guidelines
    • Running your instance
      • Adding a superuser
      • Limiting account creation
      • Limiting magic link recipients
      • Configuring SMTP
      • Managing your deployment
    • Monitoring your instance
      • Available metrics
      • Self-Hosted Prometheus
    • Advanced configuration
      • Air gap configuration
      • Pin web SDK version
      • L7 firewall configuration
      • Docker proxy configuration
    • Troubleshooting
Powered by GitBook
On this page
  • SDK required APIs
  • Agent-side required APIs
  • Headers and Query Parameters

Was this helpful?

  1. Enterprise self-hosting
  2. Advanced configuration

L7 firewall configuration

L7 Firewall configuration. This guide provides helpful information if you need to secure your Cobrowse implementation behind a L7 firewall.

PreviousPin web SDK versionNextDocker proxy configuration

Last updated 2 months ago

Was this helpful?

This guide contains some information that can be useful when needing to secure your implementation behind a L7 firewall. There are two subsets of the API that are generally used by internal vs external roles.

Paths are listed as prefixes only – all subpaths must be allowed by a firewall configuration.

SDK required APIs

Here you can find the subset of the APIs that must be accessible to end user devices running our SDKs.

# Only a subset of the REST API is required for SDK use
/api/1/devices
/api/1/sessions

# And the WebSocket API.
# Firewalls must be configured to support WebSocket traffic on these routes 
/sockets/1/

Pinning the web SDK version

If you choose to using the version that is shipped with your deployment, then you will also need to add that route.

/sdk-js/

Agent-side required APIs

These are the APIs required by the agent dashboard, or embedded agent side UI.

# For the agent side, the entire API is required
/api/1/
/proxy/1/
/recording/1/

# And the WebSocket API.
# Firewalls must be configured to support WebSocket traffic on these routes 
/sockets/1/

As well as the routes above, the HTML frontend must also be accessible for agents. Paths include.

# The frontend routes for HTML, CSS and JS
/index.html
/favicon.png
/apps/
/static/

Important: The frontend is built as a static single page application, with an index.html entrypoint. Any route not included in the prefixes listed above should be considered a frontend route and resolve to /index.html.

Headers and Query Parameters

All headers, including custom headers, must be forwarded on the non-frontend routes. All query parameters must be forwarded on all routes.

Warning: We may add routes and parameters between versions. We always recommend deploying new software versions to a staging environment and testing behind your firewall configuration before promoting new versions to production.

pin the web SDK