Skip to content

Bookmark (Local Application)

In earlier versions, only remote applications could be published through the HySecure Gateway. Starting with client version 7.1.1.1011 and later, you can also publish applications that are local to the endpoint device. This feature is referred to as the Bookmark feature.

The feature configuration on the HySecure Gateway must be done only from the backend.

Supported Client platforms and Gateway compatibility

This feature is supported by the client modes and types listed below, with HySecure Gateway version 5.4 SP6 and HySecure Gateway version 7.0.

Supported Client modes on OS HySecure 5299 HySecure 5.3 HySecure 5.4 -SP2/5.4 SP5 HySecure5.4 SP6 HySecure 7.0
Client Modes: Admin/Standard Users No No No Yes Yes

HySecure Gateway Configuration

Kindly reach out to the Accops support team for assistance with Gateway Configuration.

Gateway Configuration

The HySecure Gateway configuration primarily comprises a tag to indicate the json filename to use and the actual json file, which describes the configuration

  • Configuration localapps.json

    Example

    "icon": "app:/Applications/AppName.app"

    Example: "icon": "app:/Applications/Google Chrome.app"

  • Add the tag listed below in the defaultclientsetting.js file, OR create a custom profile and the tag below ending with;

    LOCAL_APPS_CONFIG_FILE_NAME=localapps.json

    Note

    [/home/fes/public/localapps.json with 666 Permission and whitelisted from httpd conf]

localapps_mac.json

Here’s a clear breakdown of how to specify the icon path in the localapps_mac.json file for loading specific app icons on macOS:

Specifying Icon Path in localapps.json

  • To load an icon from a specific file path on the machine: Use the full file path.

    Example

    "icon": "< icon full path >"

    Example: "icon": "/Users/Shared/icons/myapp_icon.png"

  • To fetch the icon directly from a specific application bundle: Use the prefix: app: followed by the application path.

    Example

    "icon": "app:/Applications/AppName.app"

    Example: "icon": "app:/Applications/Google Chrome.app"

  • To load an icon from a URL: Specify the direct URL to the icon image.

    Example

    "icon": "< icon image URL >"

    Example: "icon": "https://example.com/icons/myapp_icon.png"

    Note

    • Ensure the path or URL is accessible and the icon file is in a supported format (e.g., PNG).
    • The correct specification will enable the client to display the desired icon for each local application.

Sample localapp.json

    {

    "version": "2.0.0.1",

    "last_update_date": "01/05/2025",

    "apps": [

    {

    "name": "Chrome",

    "cmd": "start chrome https://172.20.0.60",

    "icon": "https://172.26.9.79:443/fes-bin/public/notepad.ico"

    }

    ],

    "mac_apps": [

    {

    "name": "Chrome-Incognito",

    "cmd": "open -na 'Google Chrome' --args --incognito 'https://www.youtube.com'",

    "icon": "path:/Applications/Google Chrome.app/Contents/Resources/app.icns"

    },

    {

    "name": "",

    "cmd": "open /Applications/Chromium.app incognito https://www.youtube.com",

    "icon": "path:/Applications/Chromium.app/Contents/Resources/app.icns"

    },

    {

    "name": "Google Chrome",

    "cmd": "open -na 'Google Chrome' --args 'https://www.youtube.com'",

    "icon": "path:/Applications/Google Chrome.app/Contents/Resources/app.icns"

    },

    {

    "name": "Safari",

    "cmd": "open -na /Applications/Safari.app https://redmine.accops.com",

    "icon": "path:/Applications/Safari.app/Contents/Resources/Appicon.icns"

    },

    {

    "name": "Firefox",

    "cmd": "open -na /Applications/Firefox.app http://172.17.0.33:3030",

    "icon": "path:/Applications/Firefox.app/Contents/Resources/firefox.icns"

    },

    {

    "name": "FOUR.ONE-Gateway",

    "cmd": "open https://172.27.4.10",

    "icon": "https://static.vecteezy.com/system/resources/thumbnails/014/440/983/small_2x/image-icon-design-in-blue-circle-png.png"

    },

    {

    "name": "test:path:app",

    "cmd": "open -a 'Windows App'",

    "icon": "path:app:/Applications/Windows App.app"

    }

    ],

    "linux_apps": [

    {

    "name": "Chromium",

    "cmd": "open /Applications/Chromium.app",

    "icon": "path:/Applications/Chromium.app/Contents/Resources/app.icns"

    },

    {

    "name": "Google Chrome",

    "cmd": "google-chrome",

    "icon": "https://static.vecteezy.com/system/resources/thumbnails/014/440/983/small_2x/image-icon-design-in-blue-circle-png.png"

    }

    ]

    }

Whitelisting Guide: Allowing Specific Files in Apache Public Folder (httpd.conf)

This guide outlines the steps to explicitly permit access to selected files within a public folder on a Linux-based Apache (httpd) server.

Step 1: Navigate to the Apache Configuration Directory

    cd /etc/httpd/conf

Step 2: Edit the Apache Configuration File and open the httpd.conf file for editing:

    vi httpd.conf

Within httpd.conf, locate the relevant < Directory > or < Location > block and add (or modify) a < FilesMatch > directive as shown below to whitelist only the specified files:

<FilesMatch
"watermark\.conf|watermark_logo\.png|AppMonitor\.json|globalsetting\.js| localapps\.json|clienttags\.js|hyid_conf\.js|verinfo\.js|rulefile\.txt|av\.json|utils\.js|Accops_HySecure\.pkg|HySecure_Client_.*\.deb|vcupgrade\.zip|login_script\.json|logout_script\.json|linux_release42\.deb|linux_release48\.deb">

    Require all granted
</FilesMatch>

Step 3: Restart the Apache Service

Apply the changes by restarting Apache:

    systemctl restart httpd.service

Security Considerations

  • Always escape special characters (such as .) with a backslash (.) in regular expressions.
  • Avoid using Require all granted with broad or unvalidated wildcard patterns.
  • Carefully review the list of files to prevent exposing sensitive information.
  • Ensure the < Directory > block containing this < FilesMatch > directive is properly configured to restrict access as intended. By following these steps, only the explicitly listed files will be accessible to the public, enhancing the security of your Apache server.

Important Security Notice

Note for Mac Users:

This feature executes command-line operations directly on the user’s machine. Extreme caution is required when configuring commands, as improper use can cause significant harm to the device or network.

Safety Guidelines

  • Never configure destructive commands such as rm, sudo, reboot, shutdown, dd, or mkfs. These can result in irreversible data loss or system damage.

  • Avoid commands that require user interaction (e.g., read, passwd, or interactive scripts), as they can cause the process to hang or fail.

  • Refrain from using system-altering commands like chmod, chown, or mount unless you are absolutely certain they are safe and properly contained.

  • Do not permit execution of downloaded scripts (e.g., curl | sh, wget | bash), as these are common vectors for exploits.

  • Limit command usage to safe, user-level application launchers such as open, xdg-open, google-chrome, firefox, libreoffice, etc.

  • Always validate and sanitize any user input that will be incorporated into command strings to prevent shell injection attacks.

  • Implement logging or auditing for any commands that users can define or modify via a UI or configuration file.

Improper use of this command execution capability can introduce security vulnerabilities, result in data loss, or compromise system integrity. Use this feature responsibly and ensure you fully understand the associated risks.