Sequel Web Interface (SWI) provides access to your Sequel views, reports, scripts, and data using a web browser. This browser access to system objects is controlled by standard System i object level authority. To secure access to your System i you must configure the Apache Server to require UserId/Password authentication.
Note: All the directives below are specific to securing access to SEQUEL objects using SWI and will not impact any other application running on the same Apache instance.
Your SWI configuration may need to be modified to implement secure sign on. Follow the directions below to add the necessary security directives.
The APACHE HTTP server is controlled through a configuration file accessible through a web browser. To access the configuration management options, you must have previously started the ADMIN server instance. If the ADMIN server has not been started, issue the following command:
STRTCPSVR *HTTP HTTPSVR(*ADMIN)
You can now get to the server manager in a web browser by using the following URL:
http://:2001
The directives below define a ‘security protocol’ and indicate that any request starting with /secure will be prompted for user id and password.
Require valid-user AuthType Basic AuthName Secure_SYSTEMi PasswdFile %%SYSTEM%% UserID %%CLIENT%% (replace the value-SYSTEMi-in line 4 with your System i server name)
The following directives are also required and will invoke the security protocol above.
AliasMatch ^/secure/SEQUEL/(.*) /SEQUEL/SWI/$1
ScriptAliasMatch ^/secure/SEQUEL(.*) /QSYS.LIB/SEQUELWI.LIB/SWIROUTER.PGM
You may want to change the product defaults to deny access to ‘Select Requests’ and ‘Spooled File Requests’.
Use the command - SEQUELWI/SWISETDFT - to access the SWI defaults and make any desired changes.
#--Change XXXXX below to your system name. ServerName XXXXX Listen 80 LogLength 2048000 KeepAliveTimeout 4 CGIConvMode %%MIXED/MIXED%% AddType application/octet-stream .dll ErrorLog logs/basic_error_log LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" combined LogFormat "%{User-agent}i" agent LogFormat "%{Referer}i -> %U" referer LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog logs/access_log combined Order allow,deny Allow from All Options +ExecCGI Order allow,deny Allow from All Order allow,deny Allow from All # #++++BEGIN SECURITY SECTION++++ #--replace SYSTEMNAME with your system name # <Location/secure/> Require valid-user AuthType Basic AuthName Secure_SYSTEMNAME PasswdFile %%SYSTEM%% UserID %%CLIENT%% # #++++END SECURITY SECTION++++ # ScriptAliasMatch ^/secure/SEQUEL(.*) /QSYS.LIB/SEQUELWI.LIB/SWIROUTER.PGM AliasMatch ^/secure/SEQUEL/(.*) /SEQUEL/SWI/$1 AliasMatch ^/secure/tmp/(.*) /tmp/$1
Note: You can obtain the above configuration as a text file from SEQUEL Technical Support.
Still have questions? We can help. Submit a case to Technical Support.