Accessing the Web Gateway Management Pages
By default, only clients local to the Web Gateway’s hosting computer can access the Web Gateway management pages, so that the browser you use to access these pages must be running on the same machine as the web server and the Web Gateway. For example:
Be sure to include the cxw file extension. (Also, if you are using Apache, remember that URL paths and files names are case-sensitive under Apache.)
For more information on default InterSystems IRIS web service server port numbers, see the WebServerPort entry of the Configuration Parameter File Reference.
When you try to access these pages, you are asked for a username and password. Look for the username in the configuration file. The password is the one that you entered during the InterSystems IRIS installation. If you forget the password, see Security.
Note that you can also access these pages from the InterSystems Management Portal. Navigate to System Administration > Configuration > Web Gateway Management. The same considerations apply with respect to client addresses.
Enabling Access from Additional Client Addresses
You can add additional clients to the list of authorized administrators by adding the client IP addresses to the System_Manager parameter in the SYSTEM section in the configuration file. This parameter represents a comma- or plus-separated list of clients (by IP address) who may access the Web Gateway management pages. The directive shown below grants access to three remote clients in addition to the default local access.
System_Manager=18.104.22.168, 22.214.171.124, 126.96.36.199
For new Gateway installations, for which there is no local browser available, manually edit the configuration file and add the System_Manager parameter, which is equivalent to the Systems Manager Machines setting, found under the Default Parameters section of the Web Gateway management pages. You can specify wildcard and numeric ranges in the entries for this parameter.
If you attempt to load the Web Gateway management pages, and the browser fails to load the page, giving an error You are not authorized to use this facility, this is likely due to the System_Manager setting blocking access to your IP address.
The following example indicates that the last part of the IP address can take the value of a number between 4 and 6 inclusive.
The previous example is a more convenient way of writing:
System_Manager=188.8.131.52, 184.108.40.206, 220.127.116.11
You can also use wildcards, such as, in this example:
The following directive grants access to all clients:
However, it is not recommended to use such a directive on operational systems; this approach does not provide strong security, because client IP addresses can be spoofed.
The use of a proxy between the client and the web server/Gateway installation effectively translates all client IP addresses to that of the proxy. In this scenario, you would have to either specify the proxy’s IP address as a Gateway Systems Manager (which would effectively grant access to all web users coming in through the proxy) or, preferably, enable the designated systems managers to bypass the proxy layer altogether.
The IP-based scheme, while useful as a first line of defense, should not be relied upon as the sole means through which access to the Web Gateway management pages is controlled – certainly not for CSP installations that are available over the internet. For production systems, it is recommended that you use the hosting web server configuration to control access to the Web Gateway systems management modules.
The following table shows the options available on the Web Gateway Management Main Menu page.
|About Web Gateway
|Shows information about the Web Gateway, including the version of the InterSystems IRIS distribution, the Web Gateway build number, the version of OpenSSL that is loaded, the version of the hosting web server, the active interface, the name and location of the Web Gateway configuration file (CSP.ini), and the name and location of the event log (CSP.log). The Web Gateway build number is made up of two numeric components. The first number indicates the version of InterSystems IRIS. The second number is the internal Web Gateway build number.
|Displays the status of active server connections. Also allows you to close connections and clear the Web Gateway cache.
|Test Server Connection
|Tests the connection to an InterSystems IRIS server by opening a stateless session.
|View Event Log
|Allows you to view information in the Web Gateway Event Log, as well as clear its contents. This log is a file maintained on the web server host.
|View HTTP Trace
|Provides an interactive view of the HTTP requests and responses processed by the Web Gateway.
|Allows you to configure the Web Gateway on a specific web server. Also, it allows you to customize CSP responses to errors and other conditions.
|Configures Web Gateway access to a specific InterSystems IRIS server.
|Configures the access to an application according to the application path. Path, in this context, refers to the path contained within the application URLs.
|Back to Management Portal
|Returns to the InterSystems IRIS Management Portal page.
These pages include a Help button.
Localization of the Web Gateway management pages is based on the contents of the file CSPres.xml, if it is installed. If no localization file is present, the Web Gateway management pages use the embedded English text. The language settings of the browser have no influence on this mechanism.
You can support alternative languages by installing the appropriate text resource file as a file named CSPres.xml in the Web Gateway’s home directory. When the Web Gateway starts or restarts, it loads the text resources found in CSPres.xml and the Management forms then appear in the chosen language.
To create a CSPres.xml file, rename the appropriate CSPres_xx.xml file in the InterSystems IRIS bin directory to CSPres.xml.
For example, to convert to Spanish:
Rename CSPres_es.xml to CSPres.xml
Restart the web server. You must restart because the language text affects the CSP module for the given web server.
To convert back to English:
Rename CSPres.xml back to CSPres_es.xml
Restart the web server.