Skip to main content
ExLibris
Ex Libris Knowledge Center

How to limit external access to the vxws web services

  • Product: Voyager
  • Product Version: All

 

Desired Outcome Goal

  • Ensure that access to VXWS services are restricted only to IP addresses require access to VXWS services.

Procedure:

  1. On the voyager server, open server.xml in a text editor (7.0.1 - 7.2.5: /m1/voyager/xxxdb/tomcat/vxws/conf/ ; 8.0.0 and higher: /m1/voyager/xxxdb/tomcat/conf):
  2. Locate the lines within the file resembling the following. This can be done by searching the file for "RemoteAddrValve":

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>

  1. To ensure that the RemoteAddrValve rule is enabled, remove any comment tags surrounding this text  ("<!--" and "-->")
  2. The "allow=" property of the RemoteAddrValve directive, by default, is configured only to only allow connections to made from the voyager server, to allow connections from additional locations the IP addresses must be added to the rule. The syntax for multiple IP addresses is dependent on the Voyager version:

Voyager 7.0.1 - 8.0.0 (separate with commas):

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1, 123.45.6.789"/>

 

Voyager 8.1.0 and higher (separate with pipe symbols and write as regular expression):

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1|123\.123\.123\.123|192\.168\.0\.\d+"/>

 

For configuring more complicated rules please contact support, there are also several free tools available on the Internet which can aid in developing regular expressions for specific IP ranges.

  1. Once the rule has been correctly configured, tomcat should be restarted to put the change into effect. Test both webvoyage, and vxws services from each allowed location to ensure that the rule is configured correctly.

Additional Information

Additional information on RemoteAddrValve


  • Article last edited: 2016-Mar-01
  • Was this article helpful?