Skip to main content

Advanced configuration of Qlik Web Connectors

You can adjust the default settings of the Qlik Web Connectors by changing settings in the System Settings menu or by changing the configuration values in the deploy.config file.

Tip noteWe recommend using the System Settings menu for configuration, because the password will be encrypted.

Some of the parameters you can configure:

  • The port number Qlik Web Connectors runs on (not recommended unless you have a specific application already using the default port of 5555).
  • Allow remote access from other machines on your network.
  • Allow local read/write access.
  • Setup the authentication and user accounts.
  • Setup details of a proxy server you connect to the internet through.
  • Configure the logging level to Off, Error, Warn, Info, or Trace. We recommend setting the level to at least Error.

Editing deploy.config

You can find deploy.config file in the root of your Qlik Web Connectors folder.

You will need to open the deploy.config in a text editor such as Notepad. The contents and location of deploy.config can be viewed in the System Settings page under Settings in the Qlik Web Connectors browser pages.

It is recommended that you backup the deploy.config file before editing it. When you have finished editing the file you will need to restart Qlik Web Connectors.

Port number

You can change the port number by editing this setting:

Information note

It is recommended that you use the default port number 5555. Qlik Web Connectors require the default port number if they are installed on the same server as your Qlik platform installation. If a different port number must be used, it is recommended to install Qlik Web Connectors on another server.

Allow remote access

By default, the AllowRemoteAccess element is set to "false":

<!-- Whether to allow access from remote machines (i.e. non localhost). --> <AllowRemoteAccess>false</AllowRemoteAccess>


If you want to be able to log in to Qlik Web Connectors from other machines on your network and run loads from QlikView or Qlik Sense installations running on other machines you should set this to true but you must also change the Authentication type element from None. You might also need to allowlist addresses that will be accessing Qlik Web Connectors. This can be done in the My Settings page under Settings in the Qlik Web Connectors browser pages.

To learn more about user authentication, see Setting up user authentication for the Qlik Web Connectors.

Information noteIf you allow remote access you may also need to open up the firewall on the machine to allow TCP connections to be made through the port. Qlik Web Connectors is configured on port 5555 by default. Please contact your network/system administration for assistance.
Information noteYou can leave the Authentication type element set to None but this means that anybody will be able to browse to and use the Qlik Web Connectors installation (that is, there will be no security). This is not recommended.

Require SSL

If you are allowing remote access to Qlik Web Connectors it is recommended that you also set it up so that the traffic to and from Qlik Web Connectors is encrypted using SSL.

To do this set the RequireSSL element in deploy.config to true:



Information note

When you set the RequireSSL value to true, you have to create a certificate for the Qlik Web Connectors. If you do not create a certificate the Qlik Web Connectors will not run.

Creating an SSL certificate for the Qlik Web Connectors


<Authentication> <Type>None</Type>

This can be changed to FormsAuthentication. This allows users to sign in to Qlik Web Connectors from other machines and generate load scripts which are secured with an access token and allowlisted IP addresses.

If you set this value to 'FormsAuthentication' then the following sections become relevant:

<FormsAuthentication> <CryptographyConfiguration> <!-- These values are used when encrypting the authentication cookies used for maintaining a users logged in status with Forms authentication. --> <RijndaelEncryptionProvider_Passphrase>SuperSecretPass123</RijndaelEncryptionProvider_Passphrase> <DefaultHmacProvider_Passphrase>UberSuperSecure123</DefaultHmacProvider_Passphrase> </CryptographyConfiguration> <!-- PlainTextPasswordChecker - User XML element should contain a Password element containing plain text password. SaltedPBKDF2SHA1PasswordChecker - Uses a salted hash. --> <PasswordChecker>PlainTextPasswordChecker</PasswordChecker> </FormsAuthentication>


<FormsUsers provider="FileBasedFormsUsersProvider" config="{app_root}/logins.xml"></FormsUsers>

Some sample deploy.config and logins.xml file pairs in the Sample Configs subdirectory of the Qlik Web Connectors with notes in a Readme.txt file.

The deploy.config and logins.xml files from the Sample Configs\Forms Auth and Remote Access directory sets Qlik Web Connectors up with two users and these configure Qlik Web Connectors for Forms Authentication, with remote access allowed and with the secure password management system (SaltedPBKDF2SHA1PasswordChecker).

When you have copied these into the Qlik Web Connectors root directory you should be able to log in with either:




The first user has admin privileges. You can edit the element in logins.xml to be your own username or email address.

Once logged in as Admin, you can go to the user management screen to add or edit users. To learn more on managing Qlik Web Connectors users, see Managing multiple users for Qlik Web Connectors.

Proxy server

If you are behind a proxy you will need to set UseProxy to true. By default UseProxy is set to false.

<Proxy> <UseProxy>false</UseProxy> <ProxyAddress></ProxyAddress> <ProxyUsername></ProxyUsername> <ProxyDomain></ProxyDomain> <ProxyPassword></ProxyPassword> </Proxy>
Information note

The proxy address should contain only the hostname and optional port.



You can change the logging level by changing the following element:

<!-- Valid values: Off, Trace, Info, Warn, Error --><LoggingLevel>Warn</LoggingLevel>


System wide log files will appear in the \Logs directory of the root folder. These are log files which cannot be related to a specifically defined system user.

User specific log files are logs relating to the activity of a particular user. The location of these is defined in the UserLogs section of the Providers section of deploy.config. By default this is:


<Providers> <!-- User specific log implementation. Note that the logging level is currently set using the LoggingLevel element in deploy.config and if this is set to Off it will also override this setting. --> <UserLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_name}/Logs"></UserLogs> <!-- User specific API call logger. --> <UserAPICallLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_name}/Logs/APICalls/{connector_id}"></UserAPICallLogs> </Providers>


Allow file system access for specified paths

Some connectors require read and write access for the local disk. Any connectors that download tables to the disk, upload files to a remote server, populate multiline input parameters from the disk, or make use any of the processParams methods, will require a defined FileSystemAccessAllowedPaths value. Multiple paths are separated by a semicolon. This element is blank by default which is equivalent to denying read and write access.


<FileSystemAccessAllowedPaths>c:\QWC\TempFiles;c:\Data</FileSystemAccessAllowedPaths> (multiple paths)
<FileSystemAccessAllowedPaths>c:\</FileSystemAccessAllowedPaths> (parent folder and all child folders and files)
<FileSystemAccessAllowedPaths>*</FileSystemAccessAllowedPaths> (all files)
<FileSystemAccessAllowedPaths></FileSystemAccessAllowedPaths> (none)

Allow automatic redirects

Some connectors can make HTTP calls to arbitrary URIs. This element lets you whitelist URIs for which automatic redirects are allowed. Multiple URIs should be delimited with a semicolon. This setting only applies to connectors that allow an arbitrary URI to be entered. Leaving it empty is equivalent to denying automatic redirects.


<RedirectWhitelist>;</RedirectWhitelist> (multiple URIs)
<RedirectWhitelist></RedirectWhitelist> (single host - includes all paths for this host)
<RedirectWhitelist>*</RedirectWhitelist> (whitelist all URIs)
<RedirectWhitelist></RedirectWhitelist> (none / block all URIs)

Allow local host access

Some connectors access their data sources from a host, such as a file server or mail host. The ConnectorConfig element controls whether the connector can access this data over the network. By default, each connector's AllowLocalHostAccess value is set to false.

<ConnectorConfig> <!-- Some connectors have connector specific configuration options which are managed here --> <Connector> <WebConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </WebConnector> <SugarCRMConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </SugarCRMConnector> <TextAnalyser_RepustateConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </TextAnalyser_RepustateConnector> <MongoDBConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </MongoDBConnector> <MSCRMConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </MSCRMConnector> <ODataConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </ODataConnector> <JIRAConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </JIRAConnector> <NotificationConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </NotificationConnector> <MailboxIMAPConnector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </MailboxIMAPConnector> <MailboxPOP3Connector> <AllowLocalHostAccess>false</AllowLocalHostAccess> </MailboxPOP3Connector> </Connector> </ConnectorConfig>