3.4 Configuring LiveCycle for access beyond the enterprise

3.4.1 Setting up a reverse proxy for web access

After you successfully install LiveCycle, it is important to periodically maintain the security of your environment. This section describes the tasks that are recommended to maintain the security of your LiveCycle production server.

3.4.1 Setting up a reverse proxy for web access

A reverse proxy can be used to ensure that one set of URLs for LiveCycle web applications are available to both external and internal users. This configuration is more secure than allowing users to connect directly to the application server that LiveCycle is running on. The reverse proxy performs all HTTP requests for the application server that is running LiveCycle. Users have only network access to the reverse proxy and can only attempt URL connections that are supported by the reverse proxy.

View full size graphic

LiveCycle root URLs for use with reverse proxy server

The following application root URLs for each LiveCycle web application. You should configure your reverse proxy only to expose URLs for web application functionality that you want to provide to end users.

Certain URLs are highlighted as end-user-facing web applications. You should avoid exposing other URLs for Configuration Manager for access to external users through the reverse proxy.

Root URL	Purpose and/or associated web application	Web-based interface	End-user access
/ReaderExtensions/*	Reader Extensions end-user web application for applying usage rights to PDF documents	Yes	Yes
/edc/*	Rights Management end-user web application	Yes	Yes
/edcws/*	Web service URL for Rights Management	No	Yes
/pdfgui/*	PDF Generator administration web application	Yes	Yes
/workspace/*	Workspace end-user web application	Yes	Yes
/workspace-server/*	Workspace servlets and data services that the Workspace client application requires	Yes	Yes
/contentspace/*	LiveCycle Contentspace (deprecated) end-user web application	Yes	Yes
/adobe-bootstrapper/*	Servlet for bootstrapping the LiveCycle repository	No	No
/soap/*	Information page for LiveCycle server web services	No	No
/soap/services/*	Web service URL for all LiveCycle server services	No	No
/edc/admin/*	Rights Management administration web application	Yes	No
/adminui/*	Administration Console home page	Yes	No
/TruststoreComponent/ secured/*	Trust Store Management administration pages	Yes	No
/FormsIVS/*	Forms IVS application for testing and debugging form rendering	Yes	No
/OutputIVS/*	Output IVS application for testing and debugging output service	Yes	No
/rmws/*	REST URL for Rights Management	No	Yes
/OutputAdmin/*	Output administration pages	Yes	No
/FormServer/*	Forms web application files	Yes	No
/FormServer/GetImage Servlet	Used for fetching JavaScript during HTML transformation	No	No
/FormServerAdmin/*	Forms administration pages	Yes	No
/repository/*	URL for WebDAV (debugging) access	Yes	No
/AACComponent/*	Applications and Services user interface	Yes	No
/WorkspaceAdmin/*	Workspace administration pages	Yes	No
/rest/*	Rest support pages	Yes	No
/CoreSystemConfig/*	LiveCycle Core Configuration settings page	Yes	No
/um/	User Management authentication	No	Yes
/um/*	User Management administration interface	Yes	No
/DoumentManager/*	Uploading and downloading of documents that are to be processed when accessing remoting endpoints, SOAP WSDL endpoints, and the Java SDK over SOAP transport or EJB transport with HTTP documents enabled.	Yes	Yes
/remoting/*	Adding a Remoting endpoint enables a Flex application to invoke the service using LiveCycle remoting.	Yes	Yes