What is the effect of “Require Encrypted Web Access” in ArcGIS Server, and how this will affect the Arcgis server’s security?

1084
9
Jump to solution
07-06-2019 10:35 PM
MajdoleenO_A__Awadallah
Occasional Contributor III

What is the effect of “Require Encrypted Web Access” in ArcGIS Server, and how this will affect the Arcgis server’s security?

We would like to know the main effects of the “Require Encrypted Web Access” in Arcgis server, and how this will affect the security?

Best

Majdoleen

Tags (1)
1 Solution

Accepted Solutions
RandallWilliams
Esri Regular Contributor

I had to dig to find this. I'm unsure the utility of this setting in recect versions of ArcGIS Enterprise where HTTPS can be configured globally for the site. 

Requiring HTTPS for folders and services

You can require clients that connect to your ArcGIS Server services use HTTPS for the connection. This will encrypt all communication between the client and the server, so that if someone intercepts the communication during transmission, the data will be encrypted against reading. If you also want to restrict access to the service to certain users, see the section below on Limiting which users can access a service.

The HTTPS requirement is set at the folder level, rather than for individual services. If you only want to require HTTPS for an individual service and not for the entire server or folder, create a new folder and add the service to the new folder.

Note that you must install a SSL certificate on the Web server in order for clients to request resources with HTTPS. For details, see Setting up SSL.

To use Manager to require HTTPS for a folder, follow these steps:

  1. Log in to ArcGIS Server Manager and click on Services.
  2. In the drop-down box for server folders, choose the folder where you want to require HTTPS. To require HTTPS for the entire server, select the server (root).
  3. Click Manage Folders, and in the drop-down list, click Properties.
  4. In the Folder Properties dialog that opens, check Require Encrypted Web Access, then click OK.

You can also require HTTPS for a folder using ArcCatalog. To do so:

  1. Open ArcCatalog, expand GIS Servers, and double-click the administrative server connection. If necessary, add an administrative connection by double-clicking Add ArcGIS Server, clicking Manage GIS Services, then entering the server name and URL (e.g., http://myserver.example.com/arcgis/services).
  2. Expand the server connection if necessary to find the folder for which you want to require HTTPS.
  3. Right-click on the folder and choose Properties (or to require SSL for all service, right-click on the server and click Root Folder Properties).
  4. In the Folder Properties dialog, check Require Encrypted Web Access, then click OK.

Note that after you require HTTPS for a folder, then any client application must use a URL with https:// in order to use the services in that folder. If a user connects to the server with ArcCatalog and does not use https in the URL, then the folder will not display even if the user otherwise is permitted access to the folder.

http://webhelp.esri.com/arcgisserver/9.3.1/dotNet/

View solution in original post

9 Replies
George_Thompson
Esri Frequent Contributor
RandallWilliams
Esri Regular Contributor

I had to dig to find this. I'm unsure the utility of this setting in recect versions of ArcGIS Enterprise where HTTPS can be configured globally for the site. 

Requiring HTTPS for folders and services

You can require clients that connect to your ArcGIS Server services use HTTPS for the connection. This will encrypt all communication between the client and the server, so that if someone intercepts the communication during transmission, the data will be encrypted against reading. If you also want to restrict access to the service to certain users, see the section below on Limiting which users can access a service.

The HTTPS requirement is set at the folder level, rather than for individual services. If you only want to require HTTPS for an individual service and not for the entire server or folder, create a new folder and add the service to the new folder.

Note that you must install a SSL certificate on the Web server in order for clients to request resources with HTTPS. For details, see Setting up SSL.

To use Manager to require HTTPS for a folder, follow these steps:

  1. Log in to ArcGIS Server Manager and click on Services.
  2. In the drop-down box for server folders, choose the folder where you want to require HTTPS. To require HTTPS for the entire server, select the server (root).
  3. Click Manage Folders, and in the drop-down list, click Properties.
  4. In the Folder Properties dialog that opens, check Require Encrypted Web Access, then click OK.

You can also require HTTPS for a folder using ArcCatalog. To do so:

  1. Open ArcCatalog, expand GIS Servers, and double-click the administrative server connection. If necessary, add an administrative connection by double-clicking Add ArcGIS Server, clicking Manage GIS Services, then entering the server name and URL (e.g., http://myserver.example.com/arcgis/services).
  2. Expand the server connection if necessary to find the folder for which you want to require HTTPS.
  3. Right-click on the folder and choose Properties (or to require SSL for all service, right-click on the server and click Root Folder Properties).
  4. In the Folder Properties dialog, check Require Encrypted Web Access, then click OK.

Note that after you require HTTPS for a folder, then any client application must use a URL with https:// in order to use the services in that folder. If a user connects to the server with ArcCatalog and does not use https in the URL, then the folder will not display even if the user otherwise is permitted access to the folder.

http://webhelp.esri.com/arcgisserver/9.3.1/dotNet/

View solution in original post

MajdoleenO_A__Awadallah
Occasional Contributor III

Thank you Randall Williams  for your reply, it is very helpful.

So, we can conclude that the main effect of (Require Encrypted Web Access) at the level of  the folder in Arcgis server is to disable the http (enforce https) and only work with https, Please have a look on the attach!

Best,

Majdoleen

JoshuaBixby
MVP Esteemed Contributor

Why bother guessing when you can just test it.  It seems you already have ArcGIS Server deployed, and are experimenting with changing the setting.

RandallWilliams
Esri Regular Contributor

Yes, but I'd argue that HTTPS should be ubiquitous across the web.This option may be useful if you're mashing up web services with a group that hasn't enabled HTTPS, but I'd argue that the better solution is for everyone to conform to using HTTPS rather than encouraging dated practices.With that said, Esri isn't the HTTPS police so this option exists. 

MajdoleenO_A__Awadallah
Occasional Contributor III

Thank you for your reply, Randall Williams Employee

JamalNUMAN
Esteemed Contributor

Is this option equivalent to the one available in the ArcGIS Server Admin when choosing https option?

 

Home > security > config > update

----------------------------------------
Jamal Numan
Geomolg Geoportal for Spatial Information
Ramallah, West Bank, Palestine
RandallWilliams
Esri Regular Contributor

The 10.0 help describes this option. It's so old it's not even documented in newer versions:

http://help.arcgis.com/en/arcgisserver/10.0/help/arcgis_server_dotnet_help/index.html#/About_GIS_ser...

"Additionally, you can require a Secure Sockets Layer (SSL) connection to services within a folder. To do this, open the folder Properties dialog box in either Manager or ArcCatalog and check the box to Require Encrypted Web Access. See Setting up SSL for additional details on configuring SSL.="

I've logged a request to just remove checkbox from the dialog. Enabling HTTPS on just one folder is not a pattern users follow any more. 

JohnNerge1
New Contributor III

So just to be clear on the answer to Jamal's question, is the answer that yes setting https only in the ArcGIS Admin trumps the folder-level setting whether or not to require encrypted access?