3.4 Configuring LiveCycle for access beyond the enterprise

After you successfully install LiveCycle, it is important to periodically maintain the security of your environment. This section describes the tasks that are recommended to maintain the security of your LiveCycle production server.

3.4.1 Setting up a reverse proxy for web access

A reverse proxy can be used to ensure that one set of URLs for LiveCycle web applications are available to both external and internal users. This configuration is more secure than allowing users to connect directly to the application server that LiveCycle is running on. The reverse proxy performs all HTTP requests for the application server that is running LiveCycle. Users have only network access to the reverse proxy and can only attempt URL connections that are supported by the reverse proxy.

LiveCycle root URLs for use with reverse proxy server

The following application root URLs for each LiveCycle web application. You should configure your reverse proxy only to expose URLs for web application functionality that you want to provide to end users.

Certain URLs are highlighted as end-user-facing web applications. You should avoid exposing other URLs for Configuration Manager for access to external users through the reverse proxy.

Root URL

Purpose and/or associated web application

Web-based interface

End-user access

/ReaderExtensions/*

Reader Extensions end-user web application for applying usage rights to PDF documents

Yes

Yes

/edc/*

Rights Management end-user web application

Yes

Yes

/edcws/*

Web service URL for Rights Management

No

Yes

/pdfgui/*

PDF Generator administration web application

Yes

Yes

/workspace/*

Workspace end-user web application

Yes

Yes

/workspace-server/*

Workspace servlets and data services that the Workspace client application requires

Yes

Yes

/contentspace/*

LiveCycle Contentspace (deprecated) end-user web application

Yes

Yes

/adobe-bootstrapper/*

Servlet for bootstrapping the LiveCycle repository

No

No

/soap/*

Information page for LiveCycle server web services

No

No

/soap/services/*

Web service URL for all LiveCycle server services

No

No

/edc/admin/*

Rights Management administration web application

Yes

No

/adminui/*

Administration Console home page

Yes

No

/TruststoreComponent/

secured/*

Trust Store Management administration pages

Yes

No

/FormsIVS/*

Forms IVS application for testing and debugging form rendering

Yes

No

/OutputIVS/*

Output IVS application for testing and debugging output service

Yes

No

/rmws/*

REST URL for Rights Management

No

Yes

/OutputAdmin/*

Output administration pages

Yes

No

/FormServer/*

Forms web application files

Yes

No

/FormServer/GetImage

Servlet

Used for fetching JavaScript during HTML transformation

No

No

/FormServerAdmin/*

Forms administration pages

Yes

No

/repository/*

URL for WebDAV (debugging) access

Yes

No

/AACComponent/*

Applications and Services user interface

Yes

No

/WorkspaceAdmin/*

Workspace administration pages

Yes

No

/rest/*

Rest support pages

Yes

No

/CoreSystemConfig/*

LiveCycle Core Configuration settings page

Yes

No

/um/

User Management authentication

No

Yes

/um/*

User Management administration interface

Yes

No

/DoumentManager/*

Uploading and downloading of documents that are to be processed when accessing remoting endpoints, SOAP WSDL endpoints, and the Java SDK over SOAP transport or EJB transport with HTTP documents enabled.

Yes

Yes

/remoting/*

Adding a Remoting endpoint enables a Flex application to invoke the service using LiveCycle remoting.

Yes

Yes

// Ethnio survey code removed