Forum Discussion

jamesramsden's avatar
jamesramsden
Icon for Contributor III rankContributor III
2 months ago
Solved

Disable WebConfig page

Is there a supported way of disabling the WebConfig page on appliances portals and collectors, including that it does not get re-enabled on next update?

Thanks

  • Hello James,

    As detailed above, blocking port 7700 via rich rules in firewalld is the most reliable way of blocking access to the web configurator for an appliance. However, keep in mind that accessing the web configurator may be necessary for the administration and troubleshooting for an appliance, so access to it may be required.

    Antonio Andres

    Principal Technical Support Engineer | ScienceLogic

3 Replies

  • We have done just that because of security and following issue

    [CRITICAL] The web configuration utility (:7700) produces inconsistent results when changing configurations and can cause major issues
    https://support.sciencelogic.com/s/article/16108

    https://docs.sciencelogic.com/latest/Content/Web_Install_Configure/Installation/installation_prep_ports.htm

    Have observed the same that with upgrades firewall rules are not retained (for example also in HA+DR environment with multiple DB's you will lose rules from the non-active DB/DR to the Collectors). You need to update firewalld-rich-rules.siteconfig file. Following should not have it re-enabled next upgrade

    sudo vifw

    or

    sudo vi /etc/siteconfig/firewalld-rich-rules.siteconfig

    add following line
    rule port port="7700" protocol="tcp" reject

    update firewall
    sudo /opt/em7/share/scripts/update-firewalld-conf.py

    beware restarts firewall. can cause events/disruptions.

  • Hello James,

    As detailed above, blocking port 7700 via rich rules in firewalld is the most reliable way of blocking access to the web configurator for an appliance. However, keep in mind that accessing the web configurator may be necessary for the administration and troubleshooting for an appliance, so access to it may be required.

    Antonio Andres

    Principal Technical Support Engineer | ScienceLogic