Open Up Your Ports
Open Up Your Ports by Arjan van IJzendoorn
In version 4.3.0 we improved security by limiting access to the server to requests from the same machine. In other words, trying to connect to the Mendix runtime from another computer will fail by default.
In many cases you will not notice this change. While you are developing you are running the Mendix server on your machine and also accessing it from that same machine. And in production there is a web server in front of the Mendix server which – most likely – is also running on that same computer.
However, you will run into the security enhancement when you are doing mobile development or if you are running the Mendix server in a virtual machine and use the browser of the host machine, e.g. a browser on a Mac with the Modeler running in a VM. In those cases requests come from a different IP address and they will be blocked:
To fix this, you open the runtime port to other machines. Go to Project > Settings > Configurations. Choose the configuration for which you want to open ports and for ‘Runtime port security’ select ‘Open to other machines’:
For test, acceptance and production environments it depends on where you apps run whether you need to take action:
- If you deploy in the Mendix Cloud, you do not need to do anything.
- If you deploy on premise with the Windows Service Console, you can configure the port security in the Service Console. If the web server is on the same physical machine as the runtime, you do not need to do anything.
To summarize, in many cases you do not need to do anything. The most common case where you run into the port security is when accessing an app through a mobile device during development. In that case, open up your ports!