Is there a supported way of disabling the WebConfig page on appliances portals and collectors, including that it does not get re-enabled on next update?Thanks

Hello James, As detailed above, blocking port 7700 via rich rules in firewalld is the most reliable way of blocking access to the web configurator for an appliance. However, keep in mind that accessing the web configurator may be necessary for the administration and troubleshooting for an appliance, so access to it may be required. Antonio Andres Principal Technical Support Engineer | ScienceLogic

Disable WebConfig page | Nexus ScienceLogic Community

3 Replies

dvanamerongen
Contributor II
2 months ago
We have done just that because of security and following issue
[CRITICAL] The web configuration utility (:7700) produces inconsistent results when changing configurations and can cause major issues
https://support.sciencelogic.com/s/article/16108
https://docs.sciencelogic.com/latest/Content/Web_Install_Configure/Installation/installation_prep_ports.htm
Have observed the same that with upgrades firewall rules are not retained (for example also in HA+DR environment with multiple DB's you will lose rules from the non-active DB/DR to the Collectors). You need to update firewalld-rich-rules.siteconfig file. Following should not have it re-enabled next upgrade
sudo vifw
or
sudo vi /etc/siteconfig/firewalld-rich-rules.siteconfig
add following line
rule port port="7700" protocol="tcp" reject
update firewall
sudo /opt/em7/share/scripts/update-firewalld-conf.py
beware restarts firewall. can cause events/disruptions.
Savage
Contributor III
2 months ago
You can probaly use this and have the ffirewall block the service for port 7700
https://support.sciencelogic.com/s/article/17277
TonyAndres
Moderator
31 days ago
Hello James,

As detailed above, blocking port 7700 via rich rules in firewalld is the most reliable way of blocking access to the web configurator for an appliance. However, keep in mind that accessing the web configurator may be necessary for the administration and troubleshooting for an appliance, so access to it may be required.

Antonio Andres

Principal Technical Support Engineer | ScienceLogic

Forum Discussion

Disable WebConfig page

3 Replies

Recent Discussions

PowerFlow debugging

Dynamic device group automation with GQL

Create event in absence of "heartbeat" trap

PowerFlow SSO Authentication

The Auto Diagnostics feature is available for Cloud environment???