Secure Publish Web Service

Secure Publish Web Service

The preview functionality exploits security vulnerability. To prevent this, the IP address of the calling web service will always be checked. Therefore, the allowed IP address (ranges) in the 'PublishWebServiceIpCheck' configuration value must be specified. By default the calls from the server where the Starter Site is installed are allowed.

If the Starter Site and the backoffice are installed on the different servers you should add the backoffice IP address to the configurable list of allowed IP addresses.

To configure the allowed IP address (ranges):

• Open the 'web.config' file which is located in: 'SDK\StarterSite\Management\Web.config';
• Locate 'PublishWebServiceIpCheck' application setting:

<?xml version="1.0"?>
<configuration>
           <appSettings>
                    <add key="PublishWebServiceIpCheck" value="127.0.0.1"/>
          </appSettings>
</configuration>

• Specify allowed IP addresses (ranges).

Possible IP (ranges) formats: regular IP (e.g. 192.0.0.1); IP with wildcards (e.g. 10.*.*.*); IP range (e.g. 134.52.100.100-134.52.100.255). Multiple values can be separated by the '|' character.