Community

Proxy config allowReferers question

3558
9
Jump to solution
08-28-2015 11:32 AM
TracySchloss
by
Frequent Contributor
‎08-28-2015 11:32 AM

I'm thinking in a circle here.  If I have my application and proxy configuration deployed on appserver.com and my gis services on gisserver.com, when I edit my proxy.config file to tighten the security. then allowReferers would be to "gisserver.com" , wouldn't it? 

Or am I telling the GIS server to only allows requests from the application server?

0 Kudos
1 Solution

Accepted Solutions
RobertWinterbottom
by
Occasional Contributor
‎08-28-2015 11:38 AM

Tracy Schloss:

Or am I telling the GIS server to only allows requests from the application server?

I think this is correct.  allowedReferers is who can make the request and serverUrls is where the request can go.  So in this case I think you would want allowedReferers to be appserver.com and you would put gisserver.com in your serverUrls configuration.  This way the proxy will only allow appserver.com to make requests to gisserver.com and nothing else.

In case you haven't seen this, I find this to be a decent resource for what some of the configurations are and how to set them up. 

resource-proxy/PHP at master · Esri/resource-proxy · GitHub

View solution in original post

0 Kudos
9 Replies
RobertWinterbottom
by
Occasional Contributor
‎08-28-2015 11:38 AM

Tracy Schloss:

Or am I telling the GIS server to only allows requests from the application server?

I think this is correct.  allowedReferers is who can make the request and serverUrls is where the request can go.  So in this case I think you would want allowedReferers to be appserver.com and you would put gisserver.com in your serverUrls configuration.  This way the proxy will only allow appserver.com to make requests to gisserver.com and nothing else.

In case you haven't seen this, I find this to be a decent resource for what some of the configurations are and how to set them up. 

resource-proxy/PHP at master · Esri/resource-proxy · GitHub

0 Kudos
TracySchloss
by
Frequent Contributor
‎08-28-2015 11:45 AM

Thanks, we'll give it a try.  I haven't needed a proxy page set up for very many things, and I'm surprised how few resources I've found for examples.  I guess most people must be using the files from gitHub as-is, except for their serverUrls.

0 Kudos
MichaelVolz
by
Esteemed Contributor
‎08-28-2015 11:49 AM

Are you using the proxy for custom printing?

0 Kudos
RobertWinterbottom
by
Occasional Contributor
‎08-28-2015 11:52 AM

Yea thats exactly right.  Thats pretty much what we did the last time we used their proxy. I think all browsers now support CORS except for IE < 10 and most services now have the Access-Control-Allow-Origin header set to "*", so maybe in the near future we wont really need proxies except for very large GET requests, which proxies convert to POST so they can work.

0 Kudos
TracySchloss
by
Frequent Contributor
‎08-28-2015 11:55 AM

We're obliged to support IE 9, at least until the end of the year.

0 Kudos
TracySchloss
by
Frequent Contributor
‎08-28-2015 11:53 AM

No, to get past the cross domain issue.

0 Kudos
MichaelVolz
by
Esteemed Contributor
‎08-28-2015 11:55 AM

So is your application on a web server that is not the same as your GIS server(s)?

0 Kudos
TracySchloss
by
Frequent Contributor
‎08-28-2015 12:02 PM

Exactly.  It's for another agency, so they'll host it on their server and point to services on our GIS server.  Typically we host our own maps, but this is actually an application that has just a little bit of GIS to it, embedded within a .NET app.  (I didn't know how possible that would be, but it turns out there's not much to it.).

0 Kudos
jorisfrenkel
by
Occasional Contributor II
‎01-06-2023 03:16 AM

Wow, this is a topic from long ago, but I still have something to add. 

I needed this info, but it wasn't complete for me. I found out I need to add "/*" behind the appserver.com, so "appserver.com/*" for this to work, or even more specific "<servername>.appserver.com/*".

Thanks also to: https://github.com/Esri/resource-proxy/issues/282