Sequel Web Interface (SWI) provides access to your Sequel views, reports, scripts, and data using a web browser. This browser access to system objects is controlled by standard System i object level authority. To secure access to your System i you must configure the Apache Server to require UserId/Password authentication.

Note: All the directives below are specific to securing access to SEQUEL objects using SWI and will not impact any other application running on the same Apache instance.


User Id and Password Security Directives

Your SWI configuration may need to be modified to implement secure sign on. Follow the directions below to add the necessary security directives.

The APACHE HTTP server is controlled through a configuration file accessible through a web browser. To access the configuration management options, you must have previously started the ADMIN server instance. If the ADMIN server has not been started, issue the following command:

STRTCPSVR *HTTP HTTPSVR(*ADMIN)

You can now get to the server manager in a web browser by using the following URL:

http://:2001

The directives below define a ‘security protocol’ and indicate that any request starting with /secure will be prompted for user id and password.


Require valid-user 
AuthType Basic
AuthName Secure_SYSTEMi   
PasswdFile %%SYSTEM%% 
UserID %%CLIENT%%

(replace the value-SYSTEMi-in line 4 with your System i server name)

The following directives are also required and will invoke the security protocol above.

AliasMatch ^/secure/SEQUEL/(.*) /SEQUEL/SWI/$1 
ScriptAliasMatch ^/secure/SEQUEL(.*) /QSYS.LIB/SEQUELWI.LIB/SWIROUTER.PGM


Product Defaults

You may want to change the product defaults to deny access to ‘Select Requests’ and ‘Spooled File Requests’.

Use the command - SEQUELWI/SWISETDFT - to access the SWI defaults and make any desired changes.


Sample Apache HTTP Configuration

#--Change XXXXX below to your system name. 
ServerName XXXXX
Listen 80
LogLength 2048000
KeepAliveTimeout 4 
CGIConvMode %%MIXED/MIXED%%
AddType application/octet-stream .dll 
ErrorLog logs/basic_error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" combined 
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer 
LogFormat "%h %l %u %t \"%r\" %>s %b" common 
CustomLog logs/access_log combined

 Order allow,deny 
 Allow from All 
 Options +ExecCGI
 
 
 Order allow,deny 
 Allow from All

 
 Order allow,deny 
 Allow from All

#
#++++BEGIN SECURITY SECTION++++
#--replace SYSTEMNAME with your system name
#
<Location/secure/> 
 Require valid-user 
 AuthType Basic
 AuthName Secure_SYSTEMNAME 
 PasswdFile %%SYSTEM%% 
 UserID %%CLIENT%%

#
#++++END SECURITY SECTION++++
#
ScriptAliasMatch ^/secure/SEQUEL(.*) /QSYS.LIB/SEQUELWI.LIB/SWIROUTER.PGM 
AliasMatch ^/secure/SEQUEL/(.*) /SEQUEL/SWI/$1
AliasMatch ^/secure/tmp/(.*) /tmp/$1

 

 

Note: You can obtain the above configuration as a text file from SEQUEL Technical Support.

 

 

 

 

 


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: April 21, 2017