ArcGIS Monitor enforces the use of the HTTPS protocol by default, creating a secure communication channel for web traffic. Accessing Monitor through HTTPS ensures network confidentiality and integrity.
The use of HTTPS protects against man-in-the-middle attacks, in which a malicious agent intercepts unsecured communications over a network and poses as the legitimate source of the communications to both the client and the server.
Communication over HTTPS is established through the use of digital certificates. Certificates are signed by a certificate authority (CA) to ensure trust between the client and the server. Monitor has its own internal certificate authority and comes with a default self-signed certificate, but it's recommended that you configure a certificate signed by an external CA. This is because most browsers warn against or discourage the use of self-signed certificates, meaning you have to suppress the warnings if you are using one. Your IT administrator should provide you with certificates signed by an external CA.
Learn more about server certificates
Change HTTP protocol settings
Monitor administrators may want to relax the default restriction of HTTPS communication. In most cases, this is to allow communication over both HTTP and HTTPS.
To change HTTP communication settings, complete the following steps:
- Access Monitor if necessary.
The Home page appears.
- Click Administration.
The Administration page appears.
- In the HTTP communication settings section, click Edit.
The HTTP communication settings dialog box appears.
- Use the HTTPS only toggle button to change the protocol setting.
- Click Save.
The HTTP communication settings are saved and a confirmation message appears.
- Click Restart server to restart Monitor and apply the changes.
HTTP Strict Transport Security
To enforce strict use of HTTPS in your Monitor deployment, enable HTTP Strict Transport Security (HSTS) headers. When enabled, Monitor sends a Strict-Transport-Security header with all responses it returns. This header directs the recipient browser to use only HTTPS requests for a duration of time defined by the header (set to one year). HSTS is turned off by default but reinforces the use of HTTPS protocol.
Supported TLS versions
Transport Layer Security (TLS) is a cryptographic protocol that provides communications security over a network. Monitor supports TLS versions 1.3 and 1.2.