Sequel Web Interface (SWI) provides access to your Sequel views, reports, scripts, and data using a web browser. This browser access to system objects is controlled by standard System i object level authority. To secure access to your System i you must configure the Apache Server to require UserId/Password authentication.
Note: All the directives below are specific to securing access to SEQUEL objects using SWI and will not impact any other application running on the same Apache instance.
Your SWI configuration may need to be modified to implement secure sign on. Follow the directions below to add the necessary security directives.
The APACHE HTTP server is controlled through a configuration file accessible through a web browser. To access the configuration management options, you must have previously started the ADMIN server instance. If the ADMIN server has not been started, issue the following command:
STRTCPSVR *HTTP HTTPSVR(*ADMIN)
You can now get to the server manager in a web browser by using the following URL:
http://:2001
The directives below define a ‘security protocol’ and indicate that any request starting with /secure will be prompted for user id and password.
Require valid-user AuthType Basic AuthName Secure_SYSTEMi PasswdFile %%SYSTEM%% UserID %%CLIENT%% (replace the value-SYSTEMi-in line 4 with your System i server name)
The following directives are also required and will invoke the security protocol above.
AliasMatch ^/secure/SEQUEL/(.*) /SEQUEL/SWI/$1
ScriptAliasMatch ^/secure/SEQUEL(.*) /QSYS.LIB/SEQUELWI.LIB/SWIROUTER.PGM
You may want to change the product defaults to deny access to ‘Select Requests’ and ‘Spooled File Requests’.
Use the command - SEQUELWI/SWISETDFT - to access the SWI defaults and make any desired changes.
#--Change XXXXX below to your system name.
ServerName XXXXX
Listen 80
LogLength 2048000
KeepAliveTimeout 4
CGIConvMode %%MIXED/MIXED%%
AddType application/octet-stream .dll
ErrorLog logs/basic_error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" combined
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log combined
Order allow,deny
Allow from All
Options +ExecCGI
Order allow,deny
Allow from All
Order allow,deny
Allow from All
#
#++++BEGIN SECURITY SECTION++++
#--replace SYSTEMNAME with your system name
#
<Location/secure/>
Require valid-user
AuthType Basic
AuthName Secure_SYSTEMNAME
PasswdFile %%SYSTEM%%
UserID %%CLIENT%%
#
#++++END SECURITY SECTION++++
#
ScriptAliasMatch ^/secure/SEQUEL(.*) /QSYS.LIB/SEQUELWI.LIB/SWIROUTER.PGM
AliasMatch ^/secure/SEQUEL/(.*) /SEQUEL/SWI/$1
AliasMatch ^/secure/tmp/(.*) /tmp/$1
Note: You can obtain the above configuration as a text file from SEQUEL Technical Support.
Still have questions? We can help. Submit a case to Technical Support.