I don't think you can disable the endpoints; they have to be accessible. You can, however, disable the root directory. Doesn't prevent "stumble upon" discovery of individual services, but prevents browsing.
We took the easy route, and just used a web application firewall (reverse proxy) for our servers. We then just make endpoints for the subfolders in /arcgis/rest/services/foldername but not the /services directory.
Downside, you have to make a link for each folder, and each service must be in a folder.
Upside, no root browsing.
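The folder-only publishing described in the post above, sketched as the allow/deny decision a reverse proxy would make. This is an added example, not part of the original thread and not the poster's actual WAF configuration; `ALLOWED_FOLDERS`, `normalise`, `is_allowed` and the sample service names are hypothetical, and it assumes the backend treats paths case-insensitively.

```python
import posixpath
from urllib.parse import unquote, urlsplit

SERVICES_ROOT = "/arcgis/rest/services"
ALLOWED_FOLDERS = {"base-map"}  # hypothetical allowlist: one entry per published folder

def normalise(raw_url):
    """Reduce a request URL to the canonical path the allowlist is checked against."""
    path = urlsplit(raw_url).path
    for _ in range(3):  # undo nested percent-encoding such as %252e%252e
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after three rounds: refuse to guess
    path = "/" + path.replace("\\", "/").lstrip("/")
    # normpath collapses "//" and resolves "." and ".." segments
    return posixpath.normpath(path).lower()  # assumption: case-insensitive backend

def is_allowed(raw_url):
    """True only for requests inside an allowlisted folder, never the root listing."""
    path = normalise(raw_url)
    if path is None or not path.startswith(SERVICES_ROOT + "/"):
        return False  # the root directory itself and everything outside it
    folder = path[len(SERVICES_ROOT) + 1:].split("/", 1)[0]
    return folder in ALLOWED_FOLDERS

# Constructed sample requests; "Roads" and "SampleService" are made-up service names.
SAMPLES = [
    "http://www.mymanatee.org/arcgis/rest/services/",           # root listing
    "http://www.mymanatee.org/arcgis/rest/services/base-map/",  # published folder
    "/arcgis/rest/services//Base-Map/Roads/MapServer/export",   # doubled slash, mixed case
    "/arcgis/rest/services/base-map/../?f=json",                # climbs back to the root
    "/arcgis/rest/services/base-map/%252e%252e/",               # double-encoded ".."
    "/arcgis/rest/services/SampleService/MapServer",            # service not in a folder
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("ALLOW" if is_allowed(url) else "DENY ", url)
```

The proxy and the backend have to resolve paths the same way, otherwise a request the proxy reads as `base-map` can land elsewhere on the server. This hides the listing only: anything under an allowlisted folder stays reachable by any HTTP client, as the later posts in the thread find.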
Thanks for all the options. Just curious though... what's the point of "disabling the services directory" then? I mean, if you do that, you might as well uninstall ArcGIS Server... if you are using it for web access to map services.
Didn't you ask how to do this?
All the endpoints are still accessible, just not the root directory.
Your flex app uses http calls. If your app can do it, so can a browser.
For example, my folder http://www.mymanatee.org/arcgis/rest/services/ is forbidden, but http://www.mymanatee.org/arcgis/rest/services/base-map/ is accessible.
This allows a user to get to the service they need, but not "nose" around and see what else we are hosting.
Well, I'm not sure how it's working but my flex app can get to all the services but if I try to get to them directly in a browser I get the following (see code below)... and it doesn't matter how deep on the url I go... I always get that error if I try to access via the browser. That is what I want... the flex app to work but direct browsing to not work. All I had to do was "disable services directory" and set the useAMF properties within my Flex code to "false".
I even fired up Fiddler, copied out a map service url that was passed by my Flex app running, tried pasting it back into the browser and got the below message. That baffles me but for now, I'll take it.
And just to be clear... I don't want users doing ANY direct browsing of my map services... I only want them to use the Flex app front end to do stuff.
Error Services Directory is disabled. Code: 403
Ok, so the fun got spoiled. And this makes sense. I opened Fiddler again and copied out a map service query URL from the Flex app... and sure enough, when I pasted it back in the browser, it showed the response. So that explains that. I can, in theory, just change the parameters in the URL and get a different response. Boo hoo. Guess there's no way around this unless I enable security for the server... ugh.
So, the security rationale for disabling the service directory doesn't run very deep.
But hey, how many malicious AGS/REST/JSON hackers could there be anyway? 😉