Firewalls and Ports while Using the TCP/IP Protocol | Client - Server Communication and Network Protocols | Verifying SQL Server Identity in a Network |
Client access to an SQL server can be restricted by various firewalls in a company network. However, the port used by a web server (usually 80) is often freely accessible. You can therefore use a technique for getting through firewalls called HTTP-tunneling. The principle of HTTP-tunneling is:
HTTP-tunneling cannot be used on a 602SQL Server that runs on the same computer as a web server running on port 80.
On Linux, taking a port with a lower number (than 80) requires administrator permission, so the 602SQL Server must be run under the root account for this purpose, even though all other activities will be executed under another account. Details of running under another account are on the page SQL server operation on Linux.
The options for connecting via an HTTP-tunnel are set on the Security page of the Runtime parameters dialog in the System folder.
Enable and set up HTTP tunneling in the Protocols and Ports dialog in the System folder.
If you check the HTTP tunneling of network protocol option, the SQL server will (starting with the next startup) also accept connections on the port specified in the HTTP tunneling port number field (default 80) and will use it for HTTP protocol communication.
You may restrict access to the SQL server through the HTTP tunnel on the Security tab of the Runtime parameters dialog in the System folder.
The Restrict HTTP access only to the user account combobox allows you to pick a user account that will have HTTP-tunnel access enabled. Connecting with a different user name will cause the "This user account is disabled {235}" error. If no user account is specified, you can use any account.
If the anonymous user is enabled, you can use the anonymous account on the HTTP-tunnel as well, regardless of the specified HTTP access restrictions.
A client that wants to access a 602SQL Server via an HTTP-tunnel must register this server and set the port number to 80 in the Address of the SQL server section. The Connect through an HTTP-tunnel checkbox must also be checked.
Each 602SQL Server can be registered multiple times under different names, once for access using the normal port and another for access via an HTTP-tunnel on port 80. However, if the first port works, there is usually no need to use the second one.
If IP filtering is set on a server, this filtering does not affect the HTTP-tunnel access. The reason for this is that the HTTP-tunnel is meant as an access tool for the outside world.
If the 602SQL Server has a certificate and requires encrypted client access, the HTTP-tunnel communication is also encrypted. The communication protocol is similar to the HTTPS protocol.
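The access rules above interact: the account restriction, the anonymous account, IP filtering and the encryption requirement together decide who can reach the server through the tunnel. The following Python model is an added example, not 602SQL code; the field names, the anonymous account name and the allow-list form of the IP filter are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ANONYMOUS = "anonymous"  # assumed name of the anonymous account

@dataclass
class ServerConfig:  # hypothetical field names, not 602SQL setting keys
    tunnel_enabled: bool = False
    restrict_http_to: str = ""           # "" = no user account specified
    anonymous_enabled: bool = False
    ip_filter: list = field(default_factory=list)  # allowed networks, [] = no filtering
    encryption_required: bool = False    # certificate present and encryption required

def tunnel_login_allowed(cfg, user, client_ip):
    """Decision for a login over the HTTP tunnel; client_ip is unused on
    purpose because IP filtering does not affect tunnel access."""
    if not cfg.tunnel_enabled:
        return False
    if user.casefold() == ANONYMOUS:
        return cfg.anonymous_enabled     # regardless of the HTTP restriction
    if cfg.restrict_http_to:             # other names get error {235}
        return user.casefold() == cfg.restrict_http_to.casefold()
    return True

def ip_filter_passes(cfg, client_ip):
    """IP filter as it applies to the normal port (allow-list model, assumed)."""
    return not cfg.ip_filter or any(
        ip_address(client_ip) in ip_network(n) for n in cfg.ip_filter)

def audit(cfg):
    """Findings to review before the tunnel port is exposed."""
    findings = []
    if not cfg.tunnel_enabled:
        return findings
    if cfg.ip_filter:
        findings.append("ip-filter-not-applied-to-tunnel")
    if cfg.anonymous_enabled and cfg.restrict_http_to:
        findings.append("anonymous-bypasses-account-restriction")
    if not cfg.restrict_http_to:
        findings.append("any-account-may-use-tunnel")
    if not cfg.encryption_required:
        findings.append("encryption-not-required")
    return findings

if __name__ == "__main__":
    # Constructed sample configuration and client address
    cfg = ServerConfig(True, "webapp", True, ["10.0.0.0/8"], True)
    print(audit(cfg))
    print(ip_filter_passes(cfg, "203.0.113.7"), tunnel_login_allowed(cfg, "anonymous", "203.0.113.7"))
```

With the sample configuration, a client outside the filtered range is rejected on the normal port but can still log in anonymously through the tunnel, which is the combination to look for when reviewing a server.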