Try OpenEdge Now
skip to main content
WebSpeed Essentials
Running and Deploying WebSpeed Applications : WebSpeed security : Securing your Web server : Minimizing access to the WebSpeed Messenger Administration tool
 
Minimizing access to the WebSpeed Messenger Administration tool
If the Messenger Administration tool is enabled, users can see your configuration information. This information can then be used to compromise your application.
To disable this feature, you can do one of two things: either disable the feature totally or allow only "trusted" IP addresses to access the Messenger Administration tool.
To totally disable the feature, edit the ubroker.properties file on the Web server and make sure that the AllowMsngrCmds is set to 0 (zero) in the [WebSpeed.Messengers] section and that it is not overridden in any of the [WebSpeed.Messengers.CGIIP], [WebSpeed.Messengers.WSASP], [WebSpeed.Messengers.WSISA], or [WebSpeed.Messengers.WSNSA] sections.
To allow a list of IP addresses to access the Messenger Administration tool, edit the ubroker.properties file on the Web server and set the AllowMsngrCmds to 1 (one) and the wsmAdmIPList to a comma-separated list of IP addresses that are permitted to access the Messenger Administration tool. This needs to be done in the appropriate Messenger section: [WebSpeed.Messengers.CGIIP], [WebSpeed.Messengers.WSASP], [WebSpeed.Messengers.WSISA], or [WebSpeed.Messengers.WSNSA].
If the Messenger Administration tool is enabled, you can change the default WebSpeed Messenger Error Messages, as described in OpenEdge Application Server: Developing WebSpeed Applications.
You can also verify your WebSpeed configuration. Use the following URLs to see the Messenger Administration tool:
http://www.mysite.com/scripts/cgiip.exe?WSMAdmin
Or:
http://www.mysite.com/cgi-bin/wspd_cgi.sh?WSMAdmin