Disable Rest services Directory impact on Open Data

1146
4
06-25-2018 08:03 PM
ClintonBallandis1
Occasional Contributor

Hi all,

We have implemented an open data portal that allows user to get service URLs from the API menu. We want to promote the use of our map and imagery services through an open data environment. However in the ESRI security documentation for ArcGIS Enterprise 10.5 it is recommended that the server rest directories be disabled to stop scanners and attackers from getting a complete menu of what your product can do.

Disabling the Rest services folder then stops the user being able to use the API links from the open data portal.

I'm a little confused here as to what is best practice. We want users to access our data however want a secure environment.

Any help would be appreciated.

Thanks,

Clinton

0 Kudos
4 Replies
MirHashmi
Occasional Contributor

Hi, Not always "Best practice" is applicable. Look for the "Best Fit" strategy. In this case of ArcGIS server and your requirement, it will help if basic security mechanism is applied (user authentication & authorization) with SSL enabled.

However, i think for an open data scenario try exploring the option of ArcGIS Portal. It has lot of features that really supports open data for users and really it is meant for this use.  I think sharing data through the portal makes it easy across different level of users regardless of being technical, marketing or management, etc.  Also it has robust security measures applied.

0 Kudos
RandallWilliams
Esri Regular Contributor

To start, I'd log a quick case with Support to ask to be added to the following enhancement:

[#ENH-000097664 for Open Data, provide a way to better handle user workflows in cases where the HTML representation of an ArcGIS Server's  Services Directory is disabled.] 

There's dissonance between the Open Data design and ArcGIS Server best practices that should be reviewed.

0 Kudos
RandallWilliams
Esri Regular Contributor

Also, check out how boulder county has adjusted for this here:

Home | Boulder County Open Geospatial Data 

ClintonBallandis1
Occasional Contributor

Thanks Randall,

We have been added to #ENH-000097664 for Open Data

Since we disable the Rest Services Directory browsing our web developer has found that we can add layers to a javascript api map by creating a featurelayer from the rest endpoint and adding it to the map. However on the same layer we're unable to execute a query against it. This returns a "failed to execute query" response.

This only seems to occur on rest end points that have had their services directory browsing disabled. Is there a work around ?

Thanks,

Clinton

0 Kudos