Publicly accessible URIs
For security reasons, it’s important to restrict access from the public internet. If you have a self-hosted Landscape deployment with clients outside your local network, it’s strongly advised you restrict network access to your Landscape server.
You should only permit access to the following URIs:
/ping/message-system/repository/attachments/hash-id-databases
The URIs listed follow your Landscape FQDN. For example, https://landscape-server.example.com/ping.
The paths /repository, /attachments and /hash-id-databases contain several subpaths. Depending on your specific purpose, you can choose to restrict access to one or more of these subpaths. For example, in single-tenant architectures, access to the path /repository can be limited exclusively to /repository/standalone/*.