Disable REST Services Directory through Web Adaptor

05-08-2014 12:33 PM
Status: Open
Occasional Contributor III

When the Web Adaptor is currently installed there is an option to disable or enable the Server Manager. However, there is no option to disable the REST Services Directory on the internet. To hide published service URLs on the internet, all services must be secured through ArcGIS Server Manager or the entire Services Directory must be disabled (both intranet and internet). I would love to see an option to disable it in the Web Adaptor like the Server Manager, but continue to be able to access it through port 6080.

I could also see a big benefit when orginzations use 1 'site' for but public and private content.  1 web-adatpor in the public space can disable service discovery, and thus mitigate many cross-site scripting attacks (for the 6 billion people that can try to hack at it), while the internal web-adaptor has discovery enabled since its locked down to only authenticated users on the internal network.  

For those who are reading this and may not be aware, disabling the services directory is possible, though it must be done through the ArcGIS Server Administrator Directory and not through the Web Adaptor.

Disable the Services Directory

Once the services directory is disabled in this way, it is disabled across the site, regardless of whether a Web Adaptor is used or not. This idea is asking for the ability to disable the service directory at the Web Adaptor level while still allowing access when using the internal ports of 6080/6443. If you have any additional use cases for how such a workflow would be beneficial, please continue to leave them in the comments below.