joekhoo
Contributor II

How to limit Qlik Replicate UI Server IP address binding

I am running Qlik Replicate Server and Qlik Replicate UI Server on a Windows 2019 server.

I noticed that the Qlik Replicate UI Server is configured to bind to all IPs on the server.

This is confirmed by the netstat command output below.

C:\>netstat -ano | findstr LISTENING | findstr 443
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP [::]:443 [::]:0 LISTENING 4

How can I configure Qlik Replicate UI server to only bind to a specific IP address instead of all IP addresses on the server?

I am able to do this for Qlik Replicate server by adding an entry for "address": "127.0.0.1" in the repctl.cfg file. So the output for 3552 is as per below:

C:\>netstat -ano | findstr LISTENING | findstr 3552
TCP 127.0.0.1:3552 0.0.0.0:0 LISTENING 3252

Prior to this, it was also binding to all IPs:

C:\>netstat -ano | findstr LISTENING | findstr 3552
TCP 0.0.0.0:3552 0.0.0.0:0 LISTENING 3252

joekhoo
Contributor II
Author

Hi @DesmondWOO , 

Great. Thanks for that confirmation.

A bit off topic from this thread, but for the benefit of anyone else also following this thread, we also have a case open with the Qlik Support team on why the cipher configuration done at the Windows level did not take effect for Qlik Replicate. It worked for Qlik Replicate UI but not Qlik Replicate. Case details below:

Case Details - Qlik Community (menlosecurity.com)

Hi @sureshkumar , 

As per Desmond's explanation, the Qlik Replicate Server (repctl.exe) does not use HTTP.SYS and it is a native C program that serves as a web server on port 3552.

That should explain why the configuration at Windows to disable the non-compliant ciphers did not take effect for Qlik Replicate Server.

In that case, we will need input from R&D for Qlik Replicate Server: since it is serving as a web server itself on port 3552 and does not leverage HTTP.SYS, how would the OS-level cipher configuration take effect on Qlik Replicate Server? And how do we disable the weak cipher for Qlik Replicate Server?

best regards,

Joe Khoo

deepaksahirwar
Creator II

Hi @joekhoo ,

It seems that the Qlik Replicate UI Server (running on port 443) is designed to bind to all IP addresses on the server. This is because the UI needs to be accessed not just from the server where Replicate is installed but from outside as well.

You were able to limit the IP address binding for the Qlik Replicate Server (running on port 3552) by adding an entry for "address": "127.0.0.1" in the repctl.cfg file. However, this method may not apply to the Qlik Replicate UI Server.

As per my experience, the issue might be related to http.sys and it could be a Windows issue. You might want to look into that.

I recommend reaching out to Qlik Support or consulting the official Qlik documentation. They might be able to provide more specific guidance or a workaround for your situation.

Hope this helps.

Deepak

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!


#Qlik Replicate
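An added example, not part of the thread and not Qlik's own tooling: a Python check that parses `netstat -ano` rows like those quoted in the question and reports listeners bound outside an expected address, noting when the owner is PID 4 (the Windows System process, under which HTTP.SYS listeners appear). The policy format and the address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Constructed sample: netstat -ano rows quoted in the question.
SAMPLE = """\
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP [::]:443 [::]:0 LISTENING 4
TCP 127.0.0.1:3552 0.0.0.0:0 LISTENING 3252
"""

# Hypothetical policy: port -> addresses it may listen on.
# 192.0.2.10 is a documentation-range placeholder for the intended UI address.
POLICY = {443: {"192.0.2.10"}, 3552: {"127.0.0.1"}}

WILDCARDS = {"0.0.0.0", "::"}
LOOPBACKS = {"127.0.0.1", "::1"}
SYSTEM_PID = 4  # Windows System process; HTTP.SYS listeners are reported under it

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_listeners(text):
    """Return (address, port, pid) for each TCP LISTENING row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # Strip IPv6 brackets and any zone id (e.g. [fe80::1%12]).
            addr = m.group(1).strip("[]").split("%")[0]
            rows.append((addr, int(m.group(2)), int(m.group(3))))
    return rows

def audit(text, policy):
    """Return (port, address, pid, finding) for listeners outside the policy.
    Ports are compared exactly, unlike `findstr 443`, which also matches 4430."""
    findings = []
    for addr, port, pid in parse_listeners(text):
        if port not in policy or addr in policy[port]:
            continue
        scope = ("all interfaces" if addr in WILDCARDS
                 else "loopback" if addr in LOOPBACKS else "specific address")
        owner = ("kernel (System, e.g. HTTP.SYS)" if pid == SYSTEM_PID
                 else "user-mode process")
        findings.append((port, addr, pid, f"bound to {scope}; owner: {owner}"))
    return findings

if __name__ == "__main__":
    for port, addr, pid, finding in audit(SAMPLE, POLICY):
        print(f"port {port} on {addr} (PID {pid}): {finding}")
```

On the sample rows it reports both wildcard listeners on 443 and nothing for 3552, which is already bound to loopback.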

DesmondWOO
Support

Hi @joekhoo ,

There is no configuration for setting ciphers on Replicate. Replicate checks which ciphers can be used at the OS level. If you remove a cipher at the OS level, the same will apply to Replicate because the OS is a higher layer than the application layer.

Regards,
Desmond

joekhoo
Contributor II
Author

Hi @DesmondWOO ,

We have already removed the weak ciphers at the OS level and even got Microsoft Premium Support services to look into it and verify this.

Furthermore, the ciphers did get removed for Replicate UI (443). But they are still not removed for Replicate Server (3552). Since Replicate Server does not use HTTP.SYS, I suspect there may be another configuration that handles the ciphers for Replicate Server.

best regards,

Joe Khoo

DesmondWOO
Support

Hi @joekhoo ,

As cipher is not relevant to this thread, please create a new post in the forum for further discussion.

Thanks,
Desmond
