[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOAPAction and Watchguard firewall


I came to the same conclusion after I sent the email.  I found the problem
in my program.  It was so stupid I don't want to talk about it.  The
SOAPAction is working just fine using HTTPS.  I'm getting a different SOAP
reject response now and it either has to do with the XML syntax or I need
to encode some of the special characters that are picked up when a credit
card is swiped.  I'm using the HTTP_SetCCSIDs to specify UTF-8 translation.

Thanks for your response and many thanks for the work you and the group
have put into the HTTPAPI project.

Rusty Gadberry
Arkansas Data Services, Inc.
Makers of DOCS/400
501-327-8000 office

This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If
you are not the intended recipient, you should delete this message.  Any
disclosure, copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.

             Scott Klement                                                 
             com>                                                       To 
             Sent by:                  HTTPAPI and FTPAPI Projects         
             ftpapi-bounces@li         <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>     
             sts.scottklement.                                          cc 
                                       Re: SOAPAction and Watchguard       
             09/06/2006 11:25          firewall                            
             Please respond to                                             
                HTTPAPI and                                                
              FTPAPI Projects                                              

> After applying the above change to the firewall the web service starting
> work using HTTP but fails using HTTPS with the same SOAP response as

There's no way that your firewall can view or change HTTP headers in an
SSL connection. The SSL connection is encrypted, and cannot be decrypted
except by destination server.

If your firewall could decrypt the data in order to tell what the headers
are, a hacker could also decrypt the document.  The point behind HTTPS is
to guarantee that nobody was able to read or tamper with the HTTP session.

> I don't think this problem is related to the firewall. In reviewing the
> it appears that the "SOAPAction:
> http://tempuri.org/TransGateway/Transact/PostXML"; is missing on the

Are you passing this string in the peSoapAction parameter to HTTPAPI?

You also show "UTF-8" as your character set, both in the content-type and
in the encoding parameter of the XML document.  Are you sure that it's in
UTF-8 format?  This would require you to jump through extra hoops to
achieve, since HTTPAPI typically encodes things in ISO-8859-1

This is the FTPAPI mailing list.  To unsubscribe, please go to:

This is the FTPAPI mailing list.  To unsubscribe, please go to: