Reputation: 11688
I'm using Neo4J server in Ubuntu server @ AWS.
My instance only contains Neo4J, so the web server I'm using is the Neo4J built-in web server.
I've successfully added an SSL certificate to my server and a secured connection is present using https.
Is there a way for me to "disable" requests from regular http?
I don't need to route http requests to https, I just want to configure the server so that it will work only with a secure connection.
Is that possible?
UPDATE
While writing the question I realized that I can change the security group settings in AWS in order to prevent access to the regular 7474 port, which answers my question. I'm still curious to know if there is a native Neo4J way to achieve the same goal.
Upvotes: 0
Views: 703
Reputation: 18022
No, I don't think there's a native neo4j way of doing this. And there are so many other methods, that it would probably be best not to get neo4j involved in that layer of an application's architecture.
I think the best practice is to use something like an HTTPS reverse proxy combined with banning traffic to :7474 from anywhere other than localhost. Combined with a simple HTTP -> HTTPS redirect, then you've got a situation where other than a locally logged in user, the only way to access neo4j is via HTTPS.
If you use for example apache and mod_proxy, you get good stable software that's actively security managed, and where lots of people know how to administer, configure, and run it. You get a bazillion other modules for apache which mix and match well with mod_proxy, a small memory footprint, and a lot of other advantages. If we had the same functionality put into neo4j, we'd have to get them to re-implement a lot of this security-sensitive and non-trivial stuff, and the result would almost certainly be less mature and less flexible than what apache, nginx, and others already provide.
Upvotes: 2
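The setup described in the answer above, sketched as an Apache configuration. This is an added example, not part of the original answer; the hostname `neo4j.example.com`, the certificate paths and the use of mod_headers for HSTS are assumptions.

```apache
# Assumed modules: mod_ssl, mod_proxy, mod_proxy_http, mod_headers.
# neo4j.example.com and the certificate paths are placeholders.

# Plain HTTP: no content is served here, only a redirect to HTTPS.
<VirtualHost *:80>
    ServerName neo4j.example.com
    Redirect permanent / https://neo4j.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName neo4j.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/neo4j.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/neo4j.example.com.key

    # Tell browsers to stay on HTTPS for this host.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Act as a reverse proxy only, never as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Neo4j's HTTP listener is reached over loopback only. Port 7474 must
    # also be closed to everything except localhost (host firewall or AWS
    # security group), otherwise clients can bypass this proxy.
    ProxyPass        / http://127.0.0.1:7474/
    ProxyPassReverse / http://127.0.0.1:7474/
</VirtualHost>
```

With this in place, confirm from an outside host that port 7474 is unreachable and that port 80 returns only the redirect.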