Secure Publish Web Service

Secure Publish Web Service

The Publish Web Service should be secured to prevent the preview functionality from being a security vulnerable. The IP address of the calling web service will always be checked. Therefore, the allowed IP address (ranges) in the 'PublishWebServiceIpCheck' configuration value must be specified.

By default the calls from the server where the Starter Site is installed are allowed. Thus if the Starter Site and backoffice are installed on the same server this chapter should be skipped.

In case if the Starter Site and the backoffice are installed on the different servers you should add the backoffice IP address to the configurable list of allowed IP addresses.

To configure the allowed IP address (ranges):

Step 1: Open the 'web.config' file which is located in: 'SDK\StarterSite\Management\Web.config'.

Step 2: Locate 'PublishWebServiceIpCheck' application setting:

<?xml version="1.0"?>
<configuration>
           <appSettings>
                    <add key="PublishWebServiceIpCheck" value="127.0.0.1"/>
          </appSettings>
</configuration>

Step 3: Specify allowed IP addresses (ranges).

Possible IP (ranges) formats: regular IP (e.g. 192.0.0.1); IP with wildcards (e.g. 10.*.*.*); IP range (e.g. 134.52.100.100-134.52.100.255). Multiple values can be separated by the '|' character.