
Securing the User Interface

Purpose: To provide an additional security layer on top of the existing password protection, which is especially important in production environments.

Note:

This solution does not replace the appropriate firewall precautions you should take to deny access to the User Interface from certain IP addresses.

By default, access to the User Interface is password protected. To restrict access further, set an IP address-based access control list on the Web server that runs the User Interface.

After you follow this procedure, users who try to reach the User Interface from unauthorized IP addresses are denied access.

Linux

The administration interface runs on a dedicated lighttpd Web server. To secure access to the User Interface, edit your lighttpd configuration file in one of the following ways:

  1. To only allow access from localhost, replace your lighttpd.conf with the pre-configured file called lighttpd.conf-localonly that is in the same directory.

  2. To limit access to specific IP addresses, open your lighttpd.conf and add the IP addresses as follows:

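$HTTP["remoteip"] !~ "^(10\.1\.2\.163|10\.1\.6\.46|127\.0\.0\.1)$" {
    $HTTP["url"] =~ "^/ZendServer/" {
        url.access-deny = ( "" )
    }
}

This example shows how to allow access from 10.1.2.163, 10.1.6.46 and localhost and deny the rest. The address list is a regular expression: the ^( and )$ anchors and the escaped dots make it match only these exact addresses, not every address that happens to contain one of them.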

To allow a range of addresses as well, use:

$HTTP["remoteip"] !~ "^(10\.1\.2\.163|10\.1\.6\.[0-9]+|127\.0\.0\.1)$" {
    $HTTP["url"] =~ "^/ZendServer/" {
        url.access-deny = ( "" )
    }
}

This means that you allow access from 10.1.2.163, 10.1.6.46, 127.0.0.1 (localhost) and hosts from 10.1.6.0 and deny the rest.

  3. After applying the changes to your configuration, restart the lighttpd server with the command:

# <install_path>/bin/lighttpd.sh restart  

or alternatively:

# <install_path>/bin/zendctl.sh restart-lighttpd
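lighttpd treats the remoteip pattern as a regular expression that may match anywhere in the client address, so an allowlist without anchors or escaped dots admits more hosts than it lists. The following checker is an added example, not part of the Zend Server documentation: it tests a pattern against the allowed addresses and against valid near-miss addresses before the ACL is deployed. It assumes Python's re module behaves like lighttpd's regex engine for patterns this simple; the two patterns are constructed for the comparison.

```python
import ipaddress
import re

# Addresses taken from the page's example; the two patterns are constructed
# here to contrast an unanchored allowlist with an anchored, escaped one.
ALLOWED = ["10.1.2.163", "10.1.6.46", "127.0.0.1"]
LOOSE = "10.1.2.163|10.1.6.46|127.0.0.1"
STRICT = r"^(10\.1\.2\.163|10\.1\.6\.46|127\.0\.0\.1)$"


def near_misses(allowed):
    """Valid IPv4 addresses that differ from an allowed one by one extra
    leading or trailing digit; none of them should pass the ACL."""
    found = set()
    for addr in allowed:
        for digit in "0123456789":
            for cand in (digit + addr, addr + digit):
                try:
                    # Round-trip rejects out-of-range octets and leading zeros.
                    if str(ipaddress.IPv4Address(cand)) == cand:
                        found.add(cand)
                except ValueError:
                    pass
    return sorted(found - set(allowed))


def audit(pattern, allowed):
    """Return (wrongly_blocked, wrongly_admitted) for a remoteip pattern.

    The config denies when remoteip !~ pattern, so an address is admitted
    whenever the pattern matches anywhere in it; re.search models that
    (assumption: Python's re behaves like lighttpd's PCRE for these patterns).
    """
    rx = re.compile(pattern)
    wrongly_blocked = [a for a in allowed if not rx.search(a)]
    wrongly_admitted = [a for a in near_misses(allowed) if rx.search(a)]
    return wrongly_blocked, wrongly_admitted


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        blocked, admitted = audit(pattern, ALLOWED)
        print(f"{name}: blocked={blocked} admitted={admitted}")
```

Both result lists should be empty for the pattern you put in lighttpd.conf; replace ALLOWED and STRICT with your own values before running it.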

Tip:

For additional resources and information on Lighttpd, see https://calomel.org/lighttpd.html.

Windows

There are a few precautions you can take in order to secure your connection:

To limit IP access:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx