Securing the Administration Interface

Purpose: To provide an additional security layer on top of the existing password protection, which is especially crucial in production environments.

Note:

This solution does not replace the appropriate firewall precautions you should take to deny access to the Administration Interface from certain IP addresses.

By default, access to the Administration Interface is password protected. If you want to secure access to the Administration Interface, you can do so by setting an IP address-based access control list on the Web server running the Administration Interface.

After following this procedure, users who try to access the Administration Interface from unauthorized IP addresses are denied access.

Linux:

The Administration Interface runs on a dedicated lighttpd Web server. To secure access to the Administration Interface, edit your lighttpd configuration file in one of the following ways:

  1. To only allow access from localhost, replace your lighttpd.conf with the pre-configured file called lighttpd.conf-localonly that is in the same directory.

  2. To limit access to specific IP addresses, open your lighttpd.conf and add the IP addresses as follows:

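$HTTP["remoteip"] !~ "^(10\.1\.2\.163|10\.1\.6\.46|127\.0\.0\.1)$" {
    $HTTP["url"] =~ "^/ZendServer/" {
        url.access-deny = ( "" )
    }
}

This example allows access from 10.1.2.163, 10.1.6.46 and localhost and denies the rest. The value is a regular expression: it is anchored with ^ and $ and its dots are escaped so that only these exact addresses match.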

You can also allow a range of addresses:

$HTTP["remoteip"] !~ "^(10\.1\.2\.163|10\.1\.6\.[0-9]+|127\.0\.0\.1)$" {
    $HTTP["url"] =~ "^/ZendServer/" {
        url.access-deny = ( "" )
    }
}

This allows access from 10.1.2.163, 127.0.0.1 (localhost) and hosts in the 10.1.6.x range (which includes 10.1.6.46), and denies the rest.

  1. After applying the changes to your configuration, restart the lighttpd server with the command:
    # <install_path>/bin/lighttpd.sh restart
     or alternatively:
    # <install_path>/bin/zendctl.sh restart-lighttpd
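
Because `!~` performs a regular-expression match, an allowlist pattern is worth testing against addresses that should and should not get through before it is deployed. The following added example (not part of the original page) does that in Python, whose `re` module stands in for lighttpd's PCRE matching; the sample addresses and the function names are constructed for illustration.

```python
import re

# Allowlist patterns as they would follow `$HTTP["remoteip"] !~` in lighttpd.conf.
LOOSE = r"10.1.2.163|10.1.6.*|127.0.0.1"  # unanchored, "." matches any character
STRICT = r"^(10\.1\.2\.163|10\.1\.6\.[0-9]+|127\.0\.0\.1)$"  # anchored, dots escaped

# Constructed sample client addresses: (remote IP, should it reach /ZendServer/?)
SAMPLES = [
    ("10.1.2.163", True),
    ("10.1.6.46", True),
    ("10.1.6.200", True),
    ("127.0.0.1", True),
    ("192.168.0.7", False),
    ("110.1.2.163", False),
    ("10.1.60.9", False),
    ("210.156.3.4", False),
    ("127.0.0.10", False),
]


def is_allowed(pattern, remote_ip):
    """The block denies when remoteip !~ pattern, so any regex match means allowed."""
    return re.search(pattern, remote_ip) is not None


def audit(pattern, samples=SAMPLES):
    """Return the sample addresses whose outcome differs from the intended policy."""
    return [ip for ip, expected in samples if is_allowed(pattern, ip) != expected]


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        wrong = audit(pattern)
        print(f"{name:6} {pattern}")
        print(f"       unintended results: {wrong or 'none'}")
```

Extend SAMPLES with your own administrative and non-administrative addresses before changing the pattern on a production server.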


For additional resources and information on Lighttpd, see https://calomel.org/lighttpd.html.

Windows:

There are a few precautions you can take in order to secure your connection:

To limit IP access:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

Related Links:

Lighttpd Resources - (External Link)