-
1. Re: whitelist
Glen Robinson Jan 26, 2017 6:04 AM (in response to jens.bruckmann)Hi Jens
Just checking that the command you are using has forward slashes, and not back slashes
tabadmin whitelist_webdataconnectors -a http:\\192.178.0.1\test\connector.html
should be
tabadmin whitelist_webdataconnectors -a http://192.178.0.1/test/connector.html
All the best
Glen
-
2. Re: whitelist
jens.bruckmann Jan 26, 2017 6:09 AM (in response to Glen Robinson)Sorry Glenn,
this was a simple typo
nevertheless do I really need the second whitelist?
-
3. Re: whitelist
Glen Robinson Jan 26, 2017 6:22 AM (in response to jens.bruckmann)Hi Jens
Is that a typo you made when running tabadmin or when you posted to this site?
The documentation states that you need to add the second whitelist.
For each connector that you add to the safe list, you must also create a secondary safe list specific to that connector. This secondary safe list determines which domains the connector can send requests to and receive requests from. This helps ensure that connectors do not send information to untrusted domains.
However, I just tested using the EarthQuake Example connector, haven't added the secondary, and it works fine.
So, I dont know. I guess it wouldn't cause any harm to add it..
So your commands would be something like
tabadmin whitelist_webdataconnectors -a http://192.178.0.1/test/connector.html
tabadmin whitelist_webdataconnectors -s http://192.178.0.1/test/connector.html https://aaa.bbb.com
Hope this works
Glen
-
4. Re: whitelist
jens.bruckmann Jan 26, 2017 6:28 AM (in response to Glen Robinson)Typo by Posting not in the tabadmin command
you know I understand I can add them, but I really don´t know for which purpose I need to add them. This is something which I do not understand. Maybe I simply need some detailed examples and some more words to understand this
-
5. Re: whitelist
Patrick A Van Der HydeJan 26, 2017 11:44 AM (in response to jens.bruckmann)
Jens - I moved this thread to Web Data Connector where some of our devs and others specifically focused on the WDC are on the lookout for questions/issues with the WDC.
Patrick
-
6. Re: whitelist
Brendan LeeJan 26, 2017 11:57 AM (in response to jens.bruckmann)
1 of 1 people found this helpfulHey Jens,
The purpose of the secondary whitelist is to provide increased security for our users and give our Server Admins more peace of mind. You must use the secondary whitelist to whitelist any endpoint that your connector talks to. For example, if your connector (at http://someIPaddress/test/connector.html) is trying to access a GET rest api from http://restapi/api/resource, you would need to add a secondary whitelist entry for http://restapi/api/resource (or http://restapi/api/*). Without that entry, we will not let the request succeed on Tableau Server.Consider this potential attack vector if this wasn't required:
- Mal (a malicious user) creates a WDC and hosts it at http://abc/wdc.html. This WDC is harmless and just pulls from some public REST API.
Because of the secondary whitelist, that attack vector is not possible. Does that help?
-Brendan -
7. Re: whitelist
jens.bruckmann Jan 30, 2017 3:35 AM (in response to Brendan Lee)Hi Brendan,
thanks a lot for this explanation. It definitly makes sense and I understand now for what I need the whitelist. So in my case it is:
whitelist the webdataconnector itself anf whitelist the domain where the webdataconnector is getting the Data from.
So I made this happen and now I am getting every day a mail the refresh did not work. Now we come to the interesting bit. When I do the refresh manually it works without issues.
Any Idea?
-
8. Re: whitelist
Lasse Thorenfeldt Feb 27, 2017 4:32 PM (in response to jens.bruckmann)Hi Jens,
When you say "do the refresh manually", do you mean from Tableau Desktop, or by initiating a "run now" on the Refresh Schedule on Server? I'm just trying to find out if your issue is the same as the one I'm currently seeing.
Lasse
-
9. Re: whitelist
jens.bruckmann Mar 1, 2017 4:52 AM (in response to jens.bruckmann)hi Lasse,
no I did not speak about refreshing in tableau desktop. a run now on the refresh schedule
-
10. Re: whitelist
Jamieson Christian Nov 2, 2017 9:34 AM (in response to Brendan Lee)Brendan Lee can you clarify whether a secondary domain whitelist is moot when the WDC is imported? In other words, does the act of importing the WDC remove all restrictions with regard to the domains that the WDC can talk while gathering its data?
In reading the documentation, I noticed that The Import Method made no mention of configuring a secondary domain whitelist. But I don't want to have IT run an experiment until I know exactly what does and does not need to be configured to ensure access to external domains for an imported WDC.
Thanks!