How to limit external access to the vxws web services
- Product: Voyager
- Product Version: All
Question
How can access to VXWS services be restricted to only the IP addresses that require it?
Answer
- On the Voyager server, open server.xml in a text editor (7.0.1 - 7.2.5: /m1/voyager/xxxdb/tomcat/vxws/conf/ ; 8.0.0 and higher: /m1/voyager/xxxdb/tomcat/conf).
- Locate the lines within the file resembling the following for vxws. This can be done by searching the file for "RemoteAddrValve":
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
- To ensure that the RemoteAddrValve is enabled, remove any comment tags surrounding this text ("<!--" and "-->").
- By default, the "allow=" property of the RemoteAddrValve directive only allows connections made from the Voyager server. To allow connections from additional locations, their IP addresses must be added to the rule. The syntax for multiple IP addresses depends on the Voyager version:
Voyager 7.0.1 - 8.0.0 (separate with commas):
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1, 123.45.6.789"/>
Voyager 8.1.0 and higher (separate with pipe symbols and write as regular expression):
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1|123\.123\.123\.123|192\.168\.0\.\d+"/>
For configuring more complicated rules, please contact support. There are also several free tools available on the Internet that can aid in developing regular expressions for specific IP ranges.
- Once the rule has been correctly configured, restart Tomcat to put the change into effect. Test both WebVoyage and VXWS services from each allowed location to ensure that the rule is configured correctly.
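As an added example (not part of the original article or the product), the following Python script checks a Voyager 8.1.0 and higher style "allow=" rule against a list of addresses before Tomcat is restarted. It assumes the valve requires the whole client address to match the expression, and uses Python's re module as a stand-in for Java's regular expression engine, which behaves the same for simple patterns like these; the function names and sample addresses are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Valve element using the Voyager 8.1.0+ rule shown in this article.
VALVE = r'''<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="127\.0\.0\.1|123\.123\.123\.123|192\.168\.0\.\d+"/>'''

def allow_pattern(valve_xml):
    """Return the allow= attribute of a RemoteAddrValve element."""
    elem = ET.fromstring(valve_xml)
    if not elem.get("className", "").endswith("RemoteAddrValve"):
        raise ValueError("not a RemoteAddrValve element")
    return elem.get("allow", "")

def lint(pattern):
    """Flag constructs that usually mean the rule is not what was intended."""
    findings = []
    # Ignore commas inside {m,n} quantifiers such as \d{1,3}.
    if "," in re.sub(r"\{\d*,\d*\}", "", pattern):
        findings.append("comma found: 7.0.1 - 8.0.0 list syntax in a regex rule")
    if re.search(r"(?<!\\)\.", pattern):
        findings.append("unescaped '.': matches any character, not only a dot")
    return findings

def check(pattern, addresses):
    """Map each address to True (allowed) or False (denied).

    Assumption: the whole address must match, hence fullmatch().
    """
    rule = re.compile(pattern)
    return {addr: rule.fullmatch(addr) is not None for addr in addresses}

# Constructed test addresses: one per alternative in the rule, plus near misses.
SAMPLES = ["127.0.0.1", "123.123.123.123", "192.168.0.17",
           "192.168.1.17", "123.123.123.124", "10.0.0.5"]

if __name__ == "__main__":
    pattern = allow_pattern(VALVE)
    for finding in lint(pattern):
        print("WARNING:", finding)
    for addr, ok in check(pattern, SAMPLES).items():
        print(f"{addr:<16} {'allow' if ok else 'deny'}")
```

Under these assumptions, a comma-separated rule carried over from an older version matches no address at all when evaluated as a single expression, so the Voyager server's own 127.0.0.1 would also be denied.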
Additional Information
See also:
- Additional information on RemoteAddrValve
- Call to Voyager VXWS web service results in "Voyager VXWS URL Not Found"
- Article last edited: 01-Mar-2016