Vulnerability-to-Vigilance

Have you considered the security of your file uploads? This seemingly innocuous question unveiled a critical need that our client wasn't even aware of.

As their organization burgeoned past 500 employees and associates daily, with an increasing number of external users, it became imperative to address the vulnerability of file uploads to malware and viruses. This concern swiftly escalated to the top of their priorities.

However, the chosen platform, Mendix, lacked an inherent capability to scan files upon upload. Complicating matters, the responsiveness of the web server needed to remain unaffected to uphold an optimal user experience. It became evident that the processing and memory required for real-time scanning necessitated a separate system.

In response to this new imperative, I proposed hosting a virus scanner on AWS, specifically on an Amazon Elastic Kubernetes Service (EKS) cluster for seamless horizontal scaling. The solution would deliver its virus scanning service through an API.

At the time, the client's Mendix application was hosted in the Mendix cloud. Consequently, I implemented robust security measures in the API, including an authentication mechanism ensuring it exclusively serviced the client's Mendix application, along with an IP filtering system that dynamically updated the list of allowed source IPs based on Mendix Cloud's provisioning and removal of public-facing outbound IPs. Behind the API, the virus scanner was designed to continuously update virus definitions.
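A sketch of the two checks described above, written as an added example and not the code that was deployed: a request is admitted only when both the caller's credential and its source IP pass, and a refreshed allow list replaces the old one only if it parses cleanly and is non-empty. The class and method names, the shared-token scheme, and the addresses (documentation ranges) are assumptions; how the current Mendix Cloud outbound IPs are obtained is not shown.

```python
import hmac
import ipaddress
import threading


class UploadScanGate:
    """Hypothetical gate in front of the scan API: token AND source IP must pass."""

    def __init__(self, shared_token, allowed_cidrs):
        self._token = shared_token.encode()
        self._lock = threading.Lock()
        self._networks = self._parse(allowed_cidrs)

    @staticmethod
    def _parse(cidrs):
        # Any malformed entry raises ValueError, so a bad feed is rejected whole.
        nets = tuple(ipaddress.ip_network(c, strict=False) for c in cidrs)
        if not nets:
            raise ValueError("refusing an empty allow list")
        return nets

    def refresh(self, allowed_cidrs):
        """Swap in a new allow list; keep the previous one if the new one is bad."""
        try:
            nets = self._parse(allowed_cidrs)
        except ValueError:
            return False
        with self._lock:
            self._networks = nets
        return True

    def admits(self, source_ip, presented_token):
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False
        with self._lock:
            nets = self._networks
        ip_ok = any(addr in net for net in nets)
        # Constant-time comparison avoids leaking the token through timing.
        token_ok = hmac.compare_digest(presented_token.encode(), self._token)
        return ip_ok and token_ok
```

The `source_ip` passed in must be the peer address seen by the listener or by a load balancer you control, not a client-supplied header value.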

Several months later, the entire Mendix application was seamlessly ported to Mendix Private Cloud on AWS, granting both us and the client greater control over scaling and the integration of additional services. This consolidation allowed us to place both the Mendix application and the virus scanner in the same virtual private cloud (VPC), eliminating the need for a public-facing IP for the EKS cluster and IP filtering. The result was a substantial improvement in the speed at which documents were scanned.

Now in production and utilized by the client's entire organization, it is evident that our strategic system architecture decisions and our adept identification and implementation of requirements were precisely what was needed. This comprehensive solution has empowered them with the data infrastructure necessary to propel their growth to the next level.