Web Server Security
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
In the deployment of a voice response application, the Web server responds to requests from Speech Server to provide application resources (such as grammar files and prompt databases). The Web server can be locally hosted on the same computer that runs Speech Server, but it can also be remote. If the Web server is remote, a malicious user could monitor the network traffic, making sensitive information (such as employee names in a grammar file) vulnerable to unwanted access.
By default, Speech Server requests resources using HTTP, which is not encrypted. If there is a risk that communications between Speech Server and the Web server can be intercepted, consider configuring the Web server to use the Secure Sockets Layer (SSL) protocol, which uses the HTTPS address format, authenticates the client requests, and encrypts the messages.
|If you are deploying SALT or VoiceXML applications, make sure you configure SSL only for the application's virtual directories and not the entire Web site. Specifically, do not apply SSL to the OcsXhtmlApplication or OcsVoiceXmlApplication virtual directories. These virtual directories are required by Speech Server to enable SALT and VoiceXML applications deployed on the computer. If SSL is applied to these virtual directories, SALT and VoiceXML applications stop responding.|
For more information about setting up SSL for Internet Information Services (IIS), see Configuring SS.
By default, ASP.NET limits the size of file uploads to approximately 4 MB. This configuration helps prevent denial of service attacks. In most cases, the default configuration is desirable. However, if your SALT or VoiceXML application routinely works with larger files (such as long voice mail recordings), you must enable support for larger files. To do this, add the following configuration setting to the Web.config file for the application or the Machine.config file for the computer running IIS.
<configuration> <system.web> <httpRuntime maxRequestLength="insert value here" /> </system.web> </configuration>
Enter a value for maxRequestLength, in kilobytes, that specifies the desired upper size limit. For example, enter 8,000 to specify an upper limit of 8 MB.