Firewall rules

Incoming URLs

Configure your outer firewall so that it exposes only the URLs for application functionality that you want to provide to the end users. Allow external users access through the outer firewall only to the URLs listed in the following table:

Root URL

Purpose

/flashaccess/getServerVersion/v3

URL for determining the server version.

  • /flashaccess/authn/v1/*
  • /flashaccess/authn/v3/*
  • /flashaccess/authn/v4/*
  • /flashaccess/authn/v5/*

URLs for user authentication. This URL must be accessible only if you use Adobe Access Client APIs to perform user authentication.

  • /flashaccess/license/v1/*
  • /flashaccess/license/v3/*
  • /flashaccess/license/v4/*
  • /flashaccess/license/v5/*

URLs for issuing licenses to end users.

  • /flashaccess/sync/v3
  • /flashaccess/sync/v4
  • /flashaccess/sync/v5

URLs for synchronization requests. This URL must be accessible only if you specify the synchronization requirements in your licenses.

  • /flashaccess/domain/v3
  • /flashaccess/domain/v4
  • /flashaccess/domain/v5

URLs for domain registration. This URL must be accessible only if you implement domain support.

  • /flashaccess/dereg/v3
  • /flashaccess/dereg/v4
  • /flashaccess/dereg/v5

URLs for domain de-registration. This URL must be accessible only if you implement the domain support.

/flashaccess/headerconversion/v1/*

URLs for use by the client to convert FMRMS 1.x DRM metadata to Adobe Access DRM metadata.

Note: This URL must use SSL (HTTPS).

/edcws/services/urn:EDCLicenseService/*

LiveCycle Rights Management ES web service URL. If content was published using an earlier version of FMRMS, this URL allows older clients to connect to the server and be prompted to upgrade to Adobe Access.

Note: This URL must use SSL (HTTPS).

/flashaccess/lreturn/v5

URLs for license return. The URL must be accessible only if you implement license return support.

NOTE

The internal firewall must only allow connections to be made to the Adobe Access license server through the reverse proxy, and only to the URLs listed above. To improve scalability, the connections between the reverse proxy and Adobe Access will be over HTTP.

Outgoing URLs

The license server requires access through the firewall to download the following CRLs from Adobe:

  • https://crl2.adobe.com/Adobe/FlashAccessRootCA.crl
  • https://crl2.adobe.com/Adobe/FlashAccessIntermediateCA.crl
  • https://crl3.adobe.com/AdobeSystemsIncorporatedFlashAccessRuntime/LatestCRL.crl
  • https://crl2.adobe.com/Adobe/FlashAccessIndividualizationCA.crl

On this page