MQ client access violation |
pitchawi |
Posted: Tue Feb 23, 2010 7:50 am Post subject: MQ client access violation |
|
|
Newbie
Joined: 16 Feb 2010 Posts: 2
|
Is there any way we can restrict MQ client connections from a list of specific servers / IPs?
We have a MQ server in production server and all the applications make MQ client connections to the MQ manager. Recently, one of the dev MQ client applications accidentally connected to the prod MQ manager. You can imagine the impact.
All our prod servers are following the name like *pap, while all dev servers follow *dap. So, is there a way to block all connections from *dap at the MQ server level?
Thanks
Wilson |
|
Gaya3 |
Posted: Tue Feb 23, 2010 7:56 am Post subject: Re: MQ client access violation |
|
|
 Jedi
Joined: 12 Sep 2006 Posts: 2493 Location: Boston, US
|
pitchawi wrote: |
We have a MQ server in production server and all the applications make MQ client connections to the MQ manager. Recently, one of the dev MQ client applications accidentally connected to the prod MQ manager. You can imagine the impact.
|
It's the MQ admin's mistake.
There is something called SSL / Security Exits.
Learn about Authentication / Authorization too.
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzaf.doc/cs11880_.htm
_________________
Regards
Gayathri
-----------------------------------------------
Do Something Before you Die |
|
zpat |
Posted: Tue Feb 23, 2010 8:38 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
The (free) BlockIP2 exit can do exactly this. You can list allowed connections using IP names or IP numbers.
If you need an example of the config please let me know. |
|
exerk |
Posted: Tue Feb 23, 2010 11:31 am Post subject: Re: MQ client access violation |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
pitchawi wrote: |
...All our prod servers are following the name like *pap, while all dev servers follow *dap... |
If you are genuinely using wildcards then make sure you distribute dev-level CCDTs to Dev, and prod-level CCDTs to Production - that way the only connections will be from the client to the appropriate environment.
pitchawi wrote: |
...So, is there a way to block all connections from *dap in MQ server level ?... |
Without using something like BlockIP2 or SSL (which you should be anyway, at least in Production), no if you are using wildcards, but see the above.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
RogerLacroix |
Posted: Wed Feb 24, 2010 1:25 pm Post subject: Re: MQ client access violation |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
pitchawi wrote: |
Is there any way we can restrict MQ client connections from a list of specific servers / IPs? |
You may want to look at either MQAUSX or MQSSX as both of these MQ security solutions have this feature.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
|