MassTransit Enterprise and Premier versions utilize a web services (SOAP) interface for communication between the MassTransit web site and the MassTransit Engine. Without the proper security measures in place, the web services interface may be accessible to malicious attacks. Because MassTransit systems may sit outside of an organization's firewall in the demilitarized zone (DMZ), it may be necessary to firewall the ports used for web services to protect them from malicious activity.
For information on how to secure web services communications with MassTransit 7, please refer to Communications page.
It is recommended that your firewall restrict communication on the MassTransit web services port -- 50050 -- to the IP addresses of servers hosting approved applications that need web services access to MassTransit.
In a default MassTransit Enterprise and Premier installation, all web services calls should be local as the MassTransit web site is configured to run on the same machine as the MassTransit Engine. If you have custom applications that utilize the MassTransit web services interface that reside on other servers, you should add the IP addresses of those servers to the firewall whitelist. This configuration will prevent unknown servers from gaining access to the MassTransit web services interface.