Securing AGS output, cache, and jobs folders

NathanielWingfield · ‎07-14-2011

ArcGIS Server (for .NET) generates images, etc. in arcgisoutput, arcgiscache, and arcgisjobs folders. Can the AGS security system (specifically, token-based) be used to secure these folders in the same manner as the REST API? Or do they require a separate strategy? I've pored over the documentation but have found nothing specific to this aspect of AGS security.

RogerBannister · ‎08-10-2011

I'm curious if you ever found an answer. The best that I could do was try to persuade myself that asynchronous job output had a timer on it, the directory doesn't allow listing, and the job GUID would be very difficult to guess (for a human at least). Certainly there's a better answer out there... you spend all this effort setting up token-based security for the services, it seems silly that the output isn't similarly locked down.

NathanielWingfield · ‎09-06-2011

I'm curious if you ever found an answer. The best that I could do was try to persuade myself that asynchronous job output had a timer on it, the directory doesn't allow listing, and the job GUID would be very difficult to guess (for a human at least). Certainly there's a better answer out there... you spend all this effort setting up token-based security for the services, it seems silly that the output isn't similarly locked down.

http://gis.stackexchange.com/questions/12207/securing-ags-output-cache-and-jobs-folders

JonBurgoyne1 · ‎09-25-2018

https://developers.arcgis.com/rest/enterprise-administration/server/securityconfig.htm

(Virtual Directories Security Enabled)—A boolean that indicates if the server's virtual directories are secured and require authentication.

If true, accessing the content in the arcgisoutput, arcgisjobs, and arcgisinput directories over HTTP will require user authentication. This will negatively impact performance.