https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/1126895#M32020 <P>Unfortunately, Portal is too clever for a simple dummy entry. I tried:</P><P>"<SPAN><SPAN class="">allowedProxyHosts</SPAN>":""</SPAN></P><P><SPAN>And restarted the Portal for ArcGIS Service. Afterwards, the Security Configuration web page in the Portal Administrator Directory no longer shows the allowedProxyHosts property at all.</SPAN></P><P><SPAN>I'm guessing that the dummy entry should be a domain that we control. For example, the dummy entry for Randall Williams's development server might be:</SPAN></P><P><SPAN>"<SPAN class="">allowedProxyHosts</SPAN>":"nonexistentsubdomain.esri.com"</SPAN></P> Thu, 16 Dec 2021 20:03:25 GMT ZianChoy 2021-12-16T20:03:25Z https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494728#M19129 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I have an external facing Portal (10.6.1). I'm working through and configuring the ArcGIS Enterprise security recommendations. I'm wanting to get get some clarification&nbsp;on what I should be entering into the Portal Admin Directory for the&nbsp;allowedProxyHosts.</P><P></P><P><STRONG><IMG class="image-1 jive-image" src="https://community.esri.com/legacyfs/online/450336_pastedImage_1.png" /></STRONG></P><P></P><P></P><P></P><P>From what I understand these should external domains that the portal can access content from? You have to add a new domain for every external server that you want to consume resources from. This protects your Portal from being used for Malicious attacks?&nbsp; &nbsp;</P><P></P><P>So for the example highlighted&nbsp; "(.*).arcgis.com" if I added this to my allowdProxyHosts my Portal will be allowed&nbsp;to get resources from any machine with a domain ending in .arcgis.com?</P><P></P><P>If I wanted to get resources from <A href="https://bob.com">https://xyz.com</A>&nbsp;I would add this as well ?&nbsp;</P><P></P><P>Do the domains need prefaced with https:// ?&nbsp;</P><P></P><P>Any help would be appreciated.</P><P></P><P>Thanks,</P><P></P><P>Clinton</P></BODY></HTML> Fri, 14 Jun 2019 01:11:18 GMT https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494728#M19129 ClintonBallandis1 2019-06-14T01:11:18Z https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494729#M19130 <HTML><HEAD></HEAD><BODY><P>Hi Clinton,</P><P></P><P>You should add the domain for ArcGIS Server machines to which you're creating items with stored credentials, hosts that provide OCG services, hosts that don't support CORS. If you have none of those, a dummy entry will work fine - like your domain.</P><P></P><P>You can see if a server supports CORS by reviewing the access-control-allow-origin header in the browser debugger for a web request to that resource.</P></BODY></HTML> Fri, 28 Jun 2019 13:32:33 GMT https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494729#M19130 RandallWilliams 2019-06-28T13:32:33Z https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494730#M19131 <HTML><HEAD></HEAD><BODY><P><A href="https://community.esri.com/migrated-users/3931">Randall Williams</A>‌</P><P>if the Server Site is federated with the Portal using an AdminURL via an internal Load Balancer - do you need to add the Load Balancer URL instead of the individual Servers' URLs?</P></BODY></HTML> Fri, 16 Oct 2020 04:09:33 GMT https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494730#M19131 DavidHoy 2020-10-16T04:09:33Z https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494731#M19132 <HTML><HEAD></HEAD><BODY><P>I'm pretty sure that the federated endpoints are automatically added to the allowed proxy hosts list. Requests to servers that are not allowed receive a http 403 response.&nbsp;&nbsp;</P></BODY></HTML> Fri, 16 Oct 2020 13:24:43 GMT https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/494731#M19132 RandallWilliams 2020-10-16T13:24:43Z https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/1126895#M32020 <P>Unfortunately, Portal is too clever for a simple dummy entry. I tried:</P><P>"<SPAN><SPAN class="">allowedProxyHosts</SPAN>":""</SPAN></P><P><SPAN>And restarted the Portal for ArcGIS Service. Afterwards, the Security Configuration web page in the Portal Administrator Directory no longer shows the allowedProxyHosts property at all.</SPAN></P><P><SPAN>I'm guessing that the dummy entry should be a domain that we control. For example, the dummy entry for Randall Williams's development server might be:</SPAN></P><P><SPAN>"<SPAN class="">allowedProxyHosts</SPAN>":"nonexistentsubdomain.esri.com"</SPAN></P> Thu, 16 Dec 2021 20:03:25 GMT https://community.esri.com/t5/arcgis-enterprise-questions/enterprise-security-allowedproxyhost-portal-admin/m-p/1126895#M32020 ZianChoy 2021-12-16T20:03:25Z