You are viewing limited content. For full access, please sign in.

Question

Question

Feature Request - Laserfiche windows client and web endpoints

Laserfiche Ideas
Updated 23 hours ago
asked one day ago

Hi All,

 

In the Laserfiche Office Integration you're able to configure this to communicate with a web client endpoint (not needing a see the Laserfiche app server host name):-

 

 

Is there any way this functionality can be added to the windows client? This way you could use the windows client externally without the need for a VPN etc.?

 

Cheers!

Chris

0 0

Answer

SELECTED ANSWER
replied one day ago

I've tried this with AWS's HTTP (ALB) and TCP (NLB) reverse proxies/load balancer as a basic proof of concept test and it seemed to work for the 5 minutes or so of clicking around I did. No sort of comprehensive testing.

But a bigger point is that you should strenuously avoid directly exposing Laserfiche Repository Server instances to the public internet, even though a proxy. It's a massive increase in attack surface for the system. Web Client and other Laserfiche web applications have a huge range of built-in cybersecurity protections that are simply not present in the same way in Laserfiche Repository Server. 

It's 2025. There are many VPN solutions that support automatic split-tunnel connections to internal resources without users having to do anything. I even have a point about this in my "Securing Self-Hosted Laserfiche Solutions" Empower course:

1 0

Replies

replied one day ago

There are no plans to add application-specific proxying functionality into the Windows client. But since most communication is over http, it is feasible for you to run your own proxy to go through. I don't know if it's something people do, but it can work.

The main caveats are: we use webdav extensions to http, so the proxy can't be too restrictive about the verbs that are used; and folder change notifications use a non-http port that you would have to proxy at the tcp level (or not, but then you don't get notifications).

2 0
SELECTED ANSWER
replied one day ago

I've tried this with AWS's HTTP (ALB) and TCP (NLB) reverse proxies/load balancer as a basic proof of concept test and it seemed to work for the 5 minutes or so of clicking around I did. No sort of comprehensive testing.

But a bigger point is that you should strenuously avoid directly exposing Laserfiche Repository Server instances to the public internet, even though a proxy. It's a massive increase in attack surface for the system. Web Client and other Laserfiche web applications have a huge range of built-in cybersecurity protections that are simply not present in the same way in Laserfiche Repository Server. 

It's 2025. There are many VPN solutions that support automatic split-tunnel connections to internal resources without users having to do anything. I even have a point about this in my "Securing Self-Hosted Laserfiche Solutions" Empower course:

1 0
replied 23 hours ago

Thanks for the detailed responses Sam/Brian,

 

All noted. Maybe I'm just over simplifying this.

 

I was just curious how the office integration was communicating and wondered if it was easy enough to roll out that functionality into the windows client too. Most customers who have the web client already have this exposed externally. 

 

Cheers!

Chris

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...