Purpose: To provide an additional security layer to the existing password protection – especially crucial to production environments.
Note:
This solution does not replace the appropriate firewall precautions you should take to deny access to the Administration Interface from certain IP addresses.
By default, access to the Administration Interface is password protected. If you want to secure access to the Administration Interface, you can do so by setting an IP address-based access control list on the Web server running the Administration Interface.
After following this procedure, users who try to reach the Administration Interface from IP addresses that are not allowed (unauthorized addresses) are refused access.
Linux:
The Administration Interface runs on a dedicated lighttpd Web server. To secure access to the Administration Interface, edit your lighttpd configuration file in one of the following ways:
To only allow access from localhost, replace your lighttpd.conf with the pre-configured file called lighttpd.conf-localonly that is in the same directory.
To limit access to specific IP addresses, open your lighttpd.conf and add the IP addresses as follows:
$HTTP["remoteip"] !~ "10.1.2.163|10.1.6.46|127.0.0.1" {
    $HTTP["url"] =~ "^/ZendServer/" {
        url.access-deny = ( "" )
    }
}
This example allows access from 10.1.2.163, 10.1.6.46 and localhost (127.0.0.1) and denies everyone else.
You can also do:
$HTTP["remoteip"] !~ "10.1.2.163|10.1.6.*|127.0.0.1" {
    $HTTP["url"] =~ "^/ZendServer/" {
        url.access-deny = ( "" )
    }
}
This allows access from 10.1.2.163, 10.1.6.46, 127.0.0.1 (localhost) and all hosts in the 10.1.6.0 network, and denies everyone else.
After applying the changes to your configuration, restart the lighttpd server with one of the following commands:
# <install_path>/bin/lighttpd.sh restart
# <install_path>/bin/zendctl.sh restart-lighttpd
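The following Python script is an added example (not part of this page or of Zend Server) that models the access decision made by the lighttpd rule above: deny when the client address does not match the allow pattern and the URL is under /ZendServer/. It applies the page's second pattern as written and, for comparison, an assumed stricter pattern with escaped dots and anchors; the use of an unanchored regex search to mirror lighttpd's `=~`/`!~` matching is an assumption.

```python
import re

# Allow-pattern copied from the page's second lighttpd example.
# The dots are unescaped regex metacharacters and the pattern is unanchored.
PAGE_PATTERN = r"10.1.2.163|10.1.6.*|127.0.0.1"

# Assumed stricter equivalent (not from the page): escaped dots, anchored at
# both ends, last octet of the 10.1.6.0 range restricted to digits.
STRICT_PATTERN = r"^(10\.1\.2\.163|10\.1\.6\.[0-9]{1,3}|127\.0\.0\.1)$"

ADMIN_URL = r"^/ZendServer/"


def admin_access_denied(remote_ip: str, url: str, allow_pattern: str) -> bool:
    """Model of the page's rule: deny when the client IP does NOT match the
    allow pattern (!~) AND the requested URL matches ^/ZendServer/ (=~).
    Unanchored regex search is assumed to mirror lighttpd's matching."""
    ip_not_allowed = re.search(allow_pattern, remote_ip) is None
    is_admin_url = re.search(ADMIN_URL, url) is not None
    return ip_not_allowed and is_admin_url


def compare(remote_ip: str, url: str = "/ZendServer/") -> tuple:
    """Return (denied_by_page_pattern, denied_by_strict_pattern)."""
    return (admin_access_denied(remote_ip, url, PAGE_PATTERN),
            admin_access_denied(remote_ip, url, STRICT_PATTERN))


if __name__ == "__main__":
    # Constructed sample clients: the intended addresses plus two look-alikes
    # that the loose pattern also lets through.
    for ip in ["10.1.2.163", "10.1.6.46", "127.0.0.1", "192.168.0.5",
               "10.1.60.7", "110.1.2.163"]:
        page, strict = compare(ip)
        print(f"{ip:>12}  page:{'deny' if page else 'allow'}  "
              f"strict:{'deny' if strict else 'allow'}")
```

Running it shows that 10.1.60.7 and 110.1.2.163 are allowed by the page's pattern but denied by the anchored one, which is why escaping the dots and anchoring the expression is worth considering when the list must be exact.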
For additional resources and information on Lighttpd, see https://calomel.org/lighttpd.html .
Windows:
There are a few precautions you can take to secure your connection:
Secure the connection using SSL: a certificate from a third-party vendor is needed to enable encryption between client and server. All IIS versions (5, 6 and 7) support this secure mode.
Use an HTTPS connection, which enables encryption.
Configure your username and password using 7-12 alphanumeric characters, and set your password immediately after first-time installation.
Protect your connection using anti-virus software.
Windows users should apply the updates Microsoft provides for their installation to close back doors and loopholes.
To limit IP access, enter your Web server's configuration and define the IP addresses that should be allowed.
Apache users should refer to the Apache documentation on access control by host: http://httpd.apache.org/docs/2.2/howto/access.html
For more information about IIS security-related topics, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/prodtech/IIS.mspx