Show Menu
TOPICS×

Firewall rules

When determining your firewall rules, consider the following types of URLs:

Incoming URLs

You can configure your outer firewall so that it exposes only the URLs for the application functionality that you want to provide to end users.
External users can access the following URLs by using the outer firewall:
Root URL
Purpose
/flashaccess/getServerVersion/v3
To determine the server version.
  • /flashaccess/authn/v1/*
  • /flashaccess/authn/v3/*
  • /flashaccess/authn/v4/*
  • /flashaccess/authn/v5/*
  • /flashaccess/authn/v6/*
To authenticate users.
This URL must be accessible if you use Adobe Primetime DRM Client APIs for user authentication.
  • /flashaccess/license/v1/*
  • /flashaccess/license/v3/*
  • /flashaccess/license/v4/*
  • /flashaccess/license/v5/*
  • /flashaccess/license/v6/*
To issue licenses to end users.
  • /flashaccess/sync/v3
  • /flashaccess/sync/v4
  • /flashaccess/sync/v5
  • /flashaccess/sync/v6/*
To synchronize requests.
This URL must be accessible if you specify the synchronization requirements in your licenses.
  • /flashaccess/domain/v3
  • /flashaccess/domain/v4
  • /flashaccess/domain/v5
  • /flashaccess/domain/v6/*
To register domains.
This URL must be accessible if you implement domain support.
  • /flashaccess/dereg/v3
  • /flashaccess/dereg/v4
  • /flashaccess/dereg/v5
  • /flashaccess/dereg/v6/*
To de-register domains.
This URL must be accessible if you implement domain support.
/flashaccess/headerconversion/v1/*
To allow the client to convert FMRMS 1.x DRM metadata to Primetime DRM metadata.
Note: This URL must use SSL (HTTPS).
/edcws/services/urn:EDCLicenseService/*
LiveCycle Rights Management ES web service URL. If content has been published by using an earlier version of FMRMS, this URL allows older clients to connect to the server. These clients are prompted to upgrade to Adobe Primetime DRM.
Note: This URL must use SSL (HTTPS).
  • /flashaccess/lreturn/v5
  • /flashaccess/lreturn/v6
To return licenses.
The URL must be accessible if you implement license return support.
The internal firewall should only allow connections to the Primetime DRM license server through the reverse proxy, and only to the URLs in the table. To improve scalability, use HTTP for the connections between the reverse proxy and Primetime DRM.

Outgoing URLs

Outgoing URLs allow the license server to download the CRLs from Adobe.
Here is a list of the outgoing URLs that you can use:
  • https://crl2.adobe.com/Adobe/FlashAccessRootCA.crl
  • https://crl2.adobe.com/Adobe/FlashAccessIntermediateCA.crl
  • https://crl3.adobe.com/AdobeSystemsIncorporatedFlashAccessRuntime/LatestCRL.crl
  • https://crl2.adobe.com/Adobe/FlashAccessIndividualizationCA.crl