You are viewing limited content. For full access, please sign in.

Question

Question

Web Client, WebLink, Mobile, and Forms Configuration page security for DMZ servers

Forms WebLink Web Client Mobile
Updated December 23, 2020
asked on December 22, 2020

Hi There,

 

I am looking into if there is a way to better secure the Web Client, WebLink, Mobile, and Forms configuration pages for setups on a DMZ server. Currently if someone tries to go to the DMZ server address and to one of the configuration pages, it prompts them for windows credentials which leaves it open to the public trying to guess credentials to access those configuration pages. 

 

Is there a way within these products to have it not show up at all even with the prompt unless it is being accessed from the local server directly?

0 0

Answer

SELECTED ANSWER
replied on December 22, 2020

Hi Cody,

Forms and WebLink are simple enough because their config/admin pages are separate IIS applications (FormsConfig and Designer respectively).

At the Application level, use IIS IP Address and Domain Restrictions to restrict access to only the local IP (127.0.0.1) and/or your internal network IP ranges. This will block external access to them entirely.

Web Client has a config option that controls remote Configuration Page Access. Ensure it's unchecked. I don't think this stops the ability to make external auth requests but they will never succeed even if the credentials are correct.

Mobile Server has a similar config option that controls remote Configuration Page Access (bottom of page).

1 0
replied on December 23, 2020

Hi Samuel,

 

Awesome, thank you for the information!

1 0

Replies

You are not allowed to reply in this post.
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...