Disable auto WSDL generation

  • Cameron C

    Cameron C - 2009-06-24


    I am mainly concerned with the potential security risk of putting a wsdl in public domain when third-parties will not be connecting to the soap service.

    What I would like to do is disable the auto generation of the wsdl once I'm done coding my project.
    Thus if someone goes to http://example.com/example.php?wsdl
    they'll get nothing.

    Any easy way of doing this?

    Thanks in advance,

    • Cameron C

      Cameron C - 2009-06-25

      I seemed to have found a way to do this.
      It's probably not the best. But this is how I was able to get nusoap to disable the auto-generation of the wsdl.

      In the file nusoap.php edit the following:
      Comment out line 3669: print $this->wsdl->serialize($this->debug_flag);
      Comment out line 3681: print $this->wsdl->webDescription();

      This basically just stops nusoap from printing out the wsdl info.

      If anyone has a better way to do this please let me know.


      • jskywalker

        jskywalker - 2009-06-25

        in nusoap.php i see:
        3575         /**
        3576         * constructor
        3577     * the optional parameter is a path to a WSDL file that you'd like to bind the server instance to.
        3578         *
        3579     * @param mixed $wsdl file path or URL (string), or wsdl instance (object)
        3580         * @access   public
        3581         */
        3582         function nusoap_server($wsdl=false){
        3583                 parent::nusoap_base();
        3584                 // turn on debugging?
        3585                 global $debug;

        especially this line 3577 does seem of interest...

        in your PHP-code write
        $server = new soap_server("<link to alternative-WSDL>");
        instead of:
        $server = new soap_server();

        it's even in the docs:
        Constructor nusoap_server (line 3581)
        constructor the optional parameter is a path to a WSDL file that you'd like to bind the server instance to.
            * access: public
        nusoap_server nusoap_server ([mixed $wsdl = false])
            * mixed $wsdl: file path or URL (string), or wsdl instance (object)

        • Cameron C

          Cameron C - 2009-06-28


          From your post I'm guessing that pointing to a blank wsdl will hide the proper wsdl from the public.
          However will that affect the actual legit services available to use?


          • jskywalker

            jskywalker - 2009-06-28

            I think all will work after removing your original WSDL

            But you should keep in mind:
            1) It should point to a valid XML (WSDL-file), not to
            $server = new soap_server("http://www.example.com");
            will throw this error:
            WSDL ERROR: HTTP ERROR: server failed to send headers

            2) The user should have a file-copy of your original WSDL to be able to use your webservice

            Probably securing your webservice with some access-policy (ip-address and/or username/password) might be a better idea

            Although i think i'm not totally wrong here, i hope someone reading this can confirm the above, because i'm a pretty noob on webservices meself...
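
The access-policy suggestion above and the original question, combined as an added example (not code from any poster or from NuSOAP): a guard at the top of the server script that admits only allowlisted client addresses and answers every non-POST or ?wsdl request with a 404, so nusoap.php itself needs no edits. The addresses, the urn:example namespace and the hello operation are placeholders, and it assumes NuSOAP emits the WSDL and web description only for such requests, as the two print lines quoted earlier suggest.

```php
<?php
// Added example: guard for the SOAP endpoint script (example.php in the thread).
require_once 'nusoap.php';

// Assumption: the only clients allowed to call the service.
// Constructed placeholder addresses from the documentation range.
$allowedClients = array('192.0.2.10', '192.0.2.11');

// Send a short plain-text error and stop before NuSOAP produces any output.
function deny($status, $message)
{
    header('HTTP/1.1 ' . $status);
    header('Content-Type: text/plain');
    echo $message;
    exit;
}

$clientIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$method   = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
$query    = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

// 1) Access policy: unknown clients never reach the service.
if (!in_array($clientIp, $allowedClients, true)) {
    deny('403 Forbidden', 'Forbidden');
}

// 2) No description output: SOAP calls arrive as POST, so any other method,
//    and any request carrying "wsdl" in its query string, gets a plain 404.
if ($method !== 'POST' || stripos($query, 'wsdl') !== false) {
    deny('404 Not Found', 'Not found');
}

// Hypothetical operation standing in for the real service methods.
function hello($name)
{
    return 'Hello, ' . $name;
}

$server = new soap_server();
$server->configureWSDL('example', 'urn:example');
$server->register('hello',
    array('name' => 'xsd:string'),
    array('return' => 'xsd:string'),
    'urn:example');

// Hand the raw SOAP request body to NuSOAP.
$server->service(file_get_contents('php://input'));
```

Behind a reverse proxy REMOTE_ADDR holds the proxy's address, so in that setup the allowlist belongs on the proxy or in the web server configuration instead.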

    • Cybercortex

      Cybercortex - 2009-08-18

      I solved this problem by changing the last two lines of my server script from:



      if (isset($HTTP_RAW_POST_DATA)) {

