Besides doing this, you can also use basic authentication or have the applications pass in a user name and password inside of the SOAP message. Having the caller send in a user name/password also gives you the ability to determine who exactly did the update.

Matt
------------------------------

message: 3
date: Wed, 30 Mar 2011 12:11:08 -0700
from: Dean Eshleman <Dean.Eshleman@xxxxxxxxxxxx>
subject: Re: [WEB400] Web services security

I fixed the subject line.

So, if my URL for the web service is something like "http://Mywebservices.mma-online.org:9999/MyApplication/services/MyWebService", I would use the following?

<Location /MyApplication>
    Order allow,deny
    Allow from 20.1.2.10
</Location>

Since "/MyApplication" isn't really a directory under the Apache server, I assumed that I couldn't use the <Directory> section. I was looking at this section of the Apache manual http://httpd.apache.org/docs/2.0/sections.html.

Dean Eshleman,
Software Development Architect

Everence Financial
1110 North Main Street
PO Box 483
Goshen, IN 46527
Phone: (574) 533-9515 x3528
www.everence.com

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of TAllen@xxxxxxxxxxxx
Sent: Wednesday, March 30, 2011 2:31 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Post to the Web400 mailing list

I don't have the Apache manual handy but you can certainly limit access to the web service URL by IP address. This can be done with any URL. Of course IP addresses can be spoofed but if this is only internal then that should suffice.

Thanks,
Todd Allen
EDPS
Electronic Data Processing Services
tallen@xxxxxxxxxxxx
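
Added example, not part of any message in this thread: a <Location> block in the Apache 2.0 syntax of the manual linked above, combining the IP restriction asked about with the basic authentication suggested earlier in the thread. The realm name and password-file path are placeholders, and it assumes stock Apache httpd is the server that handles /MyApplication.

```apache
# <Location> matches on the URL path, so it applies even though
# /MyApplication is not a directory on the Apache server's filesystem.
<Location /MyApplication>
    # Deny is evaluated first, then Allow; with "Deny from all" the only
    # client that gets through the address check is the one listed.
    Order deny,allow
    Deny from all
    Allow from 20.1.2.10

    # Basic authentication layered on top of the address check, so the
    # request also carries a user name that identifies the caller.
    # Basic credentials are only base64-encoded on the wire, so this
    # belongs behind HTTPS.
    AuthType Basic
    AuthName "MyWebService (placeholder realm)"
    AuthUserFile /path/to/placeholder/htpasswd
    Require valid-user

    # Require BOTH the address match and a valid login. "All" is the
    # default; it is spelled out because "Satisfy Any" would let either
    # check alone grant access.
    Satisfy All
</Location>
```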


This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
