Optional security for the Web Gateway

There are security configuration steps that are not required before you can use the Web Gateway. These optional steps can add extra security to your Web Gateway and your WebSphere® MQ File Transfer Edition network. The optional steps are filtering Web Gateway requests and enabling sandboxing on destination agents.

Filtering Web Gateway requests

As a Web Gateway administrator (with a wmqfte-admin role), you can filter HTTP requests to the Web Gateway by using the servlet filtering functions that are provided by your application server. Servlet filtering allows HTTP requests to be parsed and optionally rejected or modified before the request is delivered to the Web Gateway. WebSphere MQ File Transfer Edition includes a sample implementation of a servlet filter, which demonstrates this capability.

For example, for security reasons you might want to reject any requests that use the x-fte-postdest header to specify a command to execute after a file transfer has completed. Alternatively you might want to modify one of the values in the request, such as the queue manager name.

For more information about the sample servlet filter, see Filtering requests with the sample servlet filter.

Sandboxing on destination agents

When uploading files to a destination agent using the Web Gateway, you can upload the file to an absolute path on the destination agent's system. If you do not want to allow transfers from the Web Gateway to have access to the entire file system of the destination agent, you must configure agent sandboxes or user sandboxes on any agent that is the destination of a Web Gateway file upload.

For more information about the user sandboxing, see Working with user sandboxes. For more information about agent sandboxing, see Working with agent sandboxes.


Concept Concept

Feedback

Timestamp icon Last updated: Tuesday, 30 January 2018
http://www.ibm.com/support/knowledgecenter/SSEP7X_7.0.4/com.ibm.wmqfte.doc/web_security_opt.htm