Community

ArcGIS Server on a machine with private IP behind a firewall

711
7
10-12-2010 02:54 AM
NicolaLugeri
by
New Contributor
‎10-12-2010 02:54 AM
Hi all,
I've been browsing threads and tech articles/blogs for similar issues, with no luck.
I'm trying to display maps provided by a server placed in our internal network (with private IP 10.16....), through a sample flex viewer 1.3 served by the "external" web server (with public IP 193.206....).
The firewall allows these two servers to dialog via port 80.
I assume that simply placing a crossdomain.xml file in the root of the "private" server would not solve the problem, because the private IP would not be accessible to any machine in the outer world (in fact, I naively tried to do that, with no success).
I was not able to understand if and how this situation could be solved using a proxy, or if the only way out is to place the server outside the private network.
Thanks in advance

Nicola
Tags (2)
0 Kudos
7 Replies
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎10-12-2010 05:08 AM
Nicola,

   You need to ensure that you are not interchanging machine names and IP addresses any where in you project. If you are using IPs then even in your config.xml the url for the map service you need to use the IP. If you are interested in security than you should configure your servers to use reverse prox, as detailed in this link.

http://resources.arcgis.com/content/kbase?fa=articleShow&d=32634
0 Kudos
NicolaLugeri
by
New Contributor
‎10-12-2010 06:53 AM
Thanks a lot, Robert.
the Howto you pointed me to seems to address exactly my issue.
I feel kind of dumb I could not find it myself.....
I'll try to set up this configuration, also taking care of the other tip on IP vs names, and then be back to this thread with a -hopefully positive- feedback.
All the best

Nicola
0 Kudos
NicolaLugeri
by
New Contributor
‎10-14-2010 05:11 AM
hhhmmm...
the server we wanted to use runs win2003 and II6. It looks there's no way to set up a reverse proxy on it.
A colleague told me (I hope I'm reporting this correctly) that they're using a proxy configuration in flex viewer 1.3 to handle services on other servers (although, I guess, still within the DMZ). We've tried very trivially to use their configuration, adding in their proxy.config the name of our internal server.
Of course, with no succes....
any suggestion?
Thanks!

Nicola
0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎10-14-2010 05:31 AM
Nicola,

    The best way to get this working for you is to get a low end server or even unused desktop and put it in the DMZ and install only Apache web server with reverse proxy on it. The firewall will allow only that machine to communicate to the internal IIS machine across an non standard port (i.e. not port 80 as all hackers know to attack that port).
0 Kudos
NicolaLugeri
by
New Contributor
‎10-14-2010 06:49 AM
OK, I'll check this with our IT/network colleagues

thanks a lot.
0 Kudos
NicolaLugeri
by
New Contributor
‎10-19-2010 02:19 AM
Hello again,
My colleagues insist that the simple configuration of a proxy page (http://resources.esri.com/help/9.3/arcgisserver/apis/javascript/arcgis/help/jshelp_start.htm#jshelp/...) instead of a reverse proxy must work.
the problem is that it still doesn't.
We've followed the instructions in the link above, adapting it to flexviewer, but perhaps we're still missing sthg.
I report the code lines "involved" in the process (as far as we could recognise):
______________________________
config.xml
....
....
<livemaps>
       <mapservice label="Myservice" type="dynamic" visible="true" alpha="0.75">http://10.16.###.###/ArcGIS/rest/services/Operational/Myservice/MapServer</mapservice>
</livemaps>
.....
....
<proxytype>asp</proxytype> <!-- apache|jsp||php -->

_________________________________
Proxy.config


<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig mustMatch="true">
  <serverItems>
<serverItem url="http://10.16.###.###/ArcGIS/rest/services" matchAll="true" />
  </serverItems>
</ProxyConfig>
__________________________________________

ConfigManager.as
...
....
  //get proxy url
  private function getProxyURL(proxytype:String):String{
   var rootURL:String = Application.application.url;
   rootURL = rootURL.substr(0,rootURL.length-10);
  
   var ext:String;
  
   switch (proxytype) {
    case "php":
     ext = "php";
     break;
    case "apache":
     break;
    case "jsp":
     ext = "jsp"
     break;
    case "asp":
     ext = "ashx";
     break;
    default:
     ext = "php";
   }
  
   return rootURL + "/proxy." + ext; // + "?url=";
  }
...
...
__________________________________

The file proxy.ashx is placed in the website's root dir.


If we debug the webpage from an external client, we see that it tries to directly access the file crossodomain.xml on the internal machine, instead of doing that via the proxy. The file, in fact, exists; the error is on the private IP which is unknown to the external client.

I have the feeling that some sort of instruction to tell the client that a proxy page exists, is missing.


Thanks for your time

Nicola
0 Kudos
NicolaLugeri
by
New Contributor
‎10-19-2010 07:35 AM
Problem solved with the "proxy page" configuration.
Basically, we were having problems because the sample viewer 1.3 that we've been using was somehow not compatible with the deployed proxy files (proxy.config and proxy.ashx) available from http://resources.esri.com/help/9.3/arcgisserver/apis/javascript/arcgis/help/jshelp_start.htm#jshelp/...
ESRIItalia provided us with a fixed version of the viewer, so that the services from the "private" server are now accessible.

Thanks again for your suggestions

Nicola
0 Kudos