From b40e6d39166895f67d432ff9f4dd6e69d896c3d6 Mon Sep 17 00:00:00 2001 From: DanielNunesOS <132558444+DanielNunesOS@users.noreply.github.com> Date: Fri, 9 Feb 2024 13:36:09 +0000 Subject: [PATCH] Update configure-internal-network.md Changed the title to account for both fields present on this page and added information regarding the TPA section --- .../configure-internal-network.md | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/managing-the-applications-lifecycle/secure-the-applications/configure-internal-network.md b/src/managing-the-applications-lifecycle/secure-the-applications/configure-internal-network.md index 57d1f14cb..ae394f870 100644 --- a/src/managing-the-applications-lifecycle/secure-the-applications/configure-internal-network.md +++ b/src/managing-the-applications-lifecycle/secure-the-applications/configure-internal-network.md @@ -8,7 +8,9 @@ platform-version: o11 figma: https://www.figma.com/file/rEgQrcpdEWiKIORddoVydX/Managing%20the%20Applications%20Lifecycle?node-id=267:93 --- -# Configure an Internal Network +# Network Security - Service Center + +Sub-header here: Configure an Internal Network OutSystems applications can set the access to specific elements (Web UI Flows (**traditional web apps only**), exposed SOAP services, and exposed REST APIs) to be available only within an internal network, while other parts of the application are kept available to the general public. @@ -43,4 +45,23 @@ When you define an internal network for a specific OutSystems environment, it wi In the case you inadvertently define an internal network configuration that blocks you from accessing Service Center, you can: * [use the Configuration Tool to clear the internal network settings](../../ref/configuration-tool/tabs/network.md) currently defined, if it's a self-managed environment; -* contact [OutSystems Support](https://www.outsystems.com/SupportPortal/CaseOpen/) to revert or adjust the internal network addresses if it's an OutSystems Cloud environment. +* contact [OutSystems Support](https://www.outsystems.com/SupportPortal/CaseOpen/) to revert or adjust the internal network addresses if it's an OutSystems Cloud environment. + + +Sub header here: Configure a Trusted Proxy + +On the same page, you can find a configuration called Trusted proxy addresses: where you can add a Load Balancer or proxy address that will be always trusted by the platform. + +This will be a list of IP addresses or ranges of addresses for proxies that inject X-Forwarded-For headers and must be respected by the platform (as load balancers). This also helps for scenarios where multiple IT users will be accessing the platform or a specific application through a load balancer, and if there is an issue for a user that tries to log in consecutively, it will not block the load balancer IP address, this way not blocking all IT users that use the load balancer/proxy to access that application. , such as our brute force mechanism would work. (provide brute force mechanism article here: https://success.outsystems.com/documentation/11/managing_the_applications_lifecycle/secure_the_applications/protection_against_brute_force_attacks/ ). This can also be helpful when trying to run debug sessions when your infrastructure has multiple Front-end servers behind a proxy scenario, as Service Studio will need to match the origin IP address with the developer IP address (Only for Traditional Web applications, Reactive and Mobile applications don't fall into this scenario) + +Leaving the field empty means the platform will not look at the header. + +To add load balancer or proxy addresses, you simply need to: +1 - Add the address to the configuration box. +2 - Save the change made. +3 - Apply settings to the whole factory. + + +Same warning as the one at the start of the page: + +This procedure applies only to self-managed environments. For OutSystems Cloud installations, this is currently not supported.