Issue
Need to disable HTTP access for both SOAP web service and Web Client to allow HTTPS access only.
Product Line
EcoStruxure Security Expert
Environment
- Security Expert Server
- Security Expert SOAP Web Service
- Security Expert Web Client
Cause
Need to disable HTTP access for enhanced cybersecurity
Resolution
Disable HTTP access for SOAP:
- Navigate to the SOAP IIS Directory, by default this is "C:\inetpub\wwwroot\SecurityExpertSOAPService" and open the "Web.config" file using a text editor such as Notepad or Notepad++.
- Scroll down to the <services> section and comment out the following two lines:
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding" contract="GXWCF2.IService1" /><endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
- To confirm that the HTTPS version of the service is accessible, paste the following link into
the URL bar and replace the placeholders with the relevant values: https://<pcname>.<domainname>:<portnumber>/SecurityExpertSOAPService/service.svc. A web page will open with a message saying that the service has been created, this confirms SOAP is working correctly.
Disable HTTP access for Web Client:
- Open Internet Information Server (IIS) manager.
- Right click on the SecurityExpertWeb site and select "Edit Bindings".
- Remove the HTTP site binding.
Configure Web Client to connect to SOAP via HTTPs:
- Navigate to the IIS directory for the Web Client, by default this is "C:\inetpub\wwwroot\SecurityExpertWebClient". Go to the 'include' directory and open the file 'soap.connect.php"
- Modify the address on the $wsdl = to the HTTPS SOAP address, and change the port number as well. Additionally, 'localhost' does not work, and it must be changed to hostname with qualified domain name. See below image for reference:
