Security Guide - Secure and Non-Secure Web Ports (Original WebX) (Configuring Security and Connection Settings for Original WebX Clients)

Secure and Non-Secure Web Ports (Original WebX)

This topic is associated with Original WebX.

There are two types of port that you can set up when configuring the WebX settings in the Server Configuration Tool:

Non-secure web ports—These ports allow an Original WebX client to access Geo SCADA Expert via the standard http protocol.
The standard http protocol is not encrypted. An HTTP Port will typically provide insecure access—the communications traffic between the Original WebX client and Geo SCADA Expert server is not encrypted and may be susceptible to unauthorized access. The data can be seen by anybody who has physical access to the network and appropriate network monitoring tools. However, the local IIS reverse proxy connects to the HTTP Port and provides secure access to the local Geo SCADA Expert server (which is on the same machine) via its own configured port.
Secure web ports—These ports allow an Original WebX client to access Geo SCADA Expert via the secure https protocol.
The standard https protocol is encrypted. An HTTPS Port provides secure access—if somebody is monitoring the network, they will be unable to see the content of the traffic between the Original WebX client and Geo SCADA Expert server.
When a web browser accesses a web server via the secure sockets protocol (https), the web browser will request the server's SSL certificate. The web browser uses the information in the certificate to:
- Check that the web browser is communicating with the correct web server
- Establish a secure encrypted connection to that web server.
If the web server is using the deprecated HTTPS Support settings and an administrative user has not already configured an SSL certificate in the web server, Geo SCADA Expert will automatically create a top-level non-trusted SSL certificate for that web server (see Define the Certificate Settings for Original WebX Clients).
With Geo SCADA Expert 2021 onwards, the HTTPS Support properties in the WebX section of the Server Configuration Tool are deprecated and provided only as a fallback. The HTTPS Support properties will be removed in a future version of this product.
For improved security, instead of using the settings that are configured in the HTTPS Support section, Original WebX clients are now expected to connect to an IIS reverse proxy which connects to the Listen Port (see Define the Listen Port Settings for Original WebX Clients).

NOTICE

loss of communication

Ensure that the WebX configuration is not set up so that all of the following apply:

The Allow local connections only check box is selected in the Listen Port section of the WebX settings
The deprecated HTTPS Support is disabled
A local IIS reverse proxy is not in use.

If all of the above settings apply, then the Original WebX client will be unable to connect to the Web server. In addition certain features in ViewX and Virtual ViewX will not function correctly.

Failure to follow these instructions can result in loss of communications between Geo SCADA Expert and the Original WebX client.

Use the relevant sections of the WebX settings in the Server Configuration Tool to specify the port settings for the Web server. For more information, see the topics that are listed in the gray footer section at the bottom of this topic. Select the relevant entry to display the topic that you require.