Disable WebConfig page

Question

Is there a supported way of disabling the WebConfig page on appliances portals and collectors, including that it does not get re-enabled on next update?Thanks

TonyAndres · Accepted Answer

Hello James,As detailed above, blocking port 7700 via rich rules in firewalld is the most reliable way of blocking access to the web configurator for an appliance. However, keep in mind that accessing the web configurator may be necessary for the administration and troubleshooting for an appliance, so access to it may be required.Antonio AndresPrincipal Technical Support Engineer | ScienceLogic

dvanamerongen · Answer

We have done just that because of security and following issue

[CRITICAL] The web configuration utility (:7700) produces inconsistent results when changing configurations and can cause major issues
https://support.sciencelogic.com/s/article/16108

https://docs.sciencelogic.com/latest/Content/Web_Install_Configure/Installation/installation_prep_ports.htm

Have observed the same that with upgrades firewall rules are not retained (for example also in HA+DR environment with multiple DB's you will lose rules from the non-active DB/DR to the Collectors). You need to update firewalld-rich-rules.siteconfig file. Following should not have it re-enabled next upgrade

sudo vifw

or

sudo vi /etc/siteconfig/firewalld-rich-rules.siteconfig

add following line
rule port port="7700" protocol="tcp" reject

update firewall
sudo /opt/em7/share/scripts/update-firewalld-conf.py

beware restarts firewall. can cause events/disruptions.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded