Community

Am I supposed to be able to reach mywebsite.com/arcgis/portaladmin from outside the server machine?

357
1
Jump to solution
01-18-2022 07:36 AM
MKF62
by
Occasional Contributor III
‎01-18-2022 07:36 AM

I'm new to portal and am figuring out web adaptor and such. With Server, you can easily turn off administrative access from outside your server, but I haven't found an option like that with portal, thus I seem to be able to reach www.mywebsite.com:7443/arcgis/portaladmin from any computer. I cannot login because the response from my server times out and it shows my FQDN with the message. The login button doesn't even get as far as taking me to the next page where I can enter my credentials before showing the timeout. Still, it seems like I shouldn't have this page exposed to the internet when I'm not logged into the server machine; am I correct in my thinking? If so, what do I need to change? 

Other possibly relevant information:

  • Using default self-signed certs
  • Using built-in ArcGIS logins
  • Allow access through HTTPS only
  • Disabled anonymous access

 

When I am logged into the server machine these are the settings of the web adaptor:

Untitled.png

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎01-27-2022 03:29 PM

There's no way within the software to restrict access to the Portaladmin API. One of the reasons is that the home application, (https://portal.domain.com/portal/home) relies on some information from Portaladmin, so it needs to be accessible via the Web Adaptor.

 

You could use reverse proxy, load balancer, or WAF rules to restrict access to the Portaladmin endpoint, while understanding that if you're an administrator, that would impact what you can do via the home app depending on where you open the page.

View solution in original post

0 Kudos
1 Reply
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎01-27-2022 03:29 PM

There's no way within the software to restrict access to the Portaladmin API. One of the reasons is that the home application, (https://portal.domain.com/portal/home) relies on some information from Portaladmin, so it needs to be accessible via the Web Adaptor.

 

You could use reverse proxy, load balancer, or WAF rules to restrict access to the Portaladmin endpoint, while understanding that if you're an administrator, that would impact what you can do via the home app depending on where you open the page.

0 Kudos