Web Isolation

 View Only
  • 1.  how to disable access to management new URL

    Posted Nov 16, 2020 01:37 AM
    Hi,

    Management gateway allows additional access from https://<management>/console from version 1.14.
    This changes does not care about using as Web Application Isolation.
    In case of running the WAI on single box, anyone can access above URL without restrictions because anyone need access to port 443.
    Does anyone know how to disable the URL?


  • 2.  RE: how to disable access to management new URL

    Posted Dec 02, 2020 09:03 PM
    I found way to disabling access to the https://<management>/console and permit access only to 9000 port.
    Edit /etc/mnt/clif.conf as follows in the docker container named clif_, and restart the container.

    before:

    location = /console {
    return 301 https:/<hostname>/console/;
    }

    location /console/ {
    proxy_set_header X-Fg-Client-Ip $proxy_protocol_addr;
    proxy_pass http://management/;
    error_page 502 /internal_resources/mgmt_unavailable.html;
    }

    after:

    location = /console {
    return 301 https://<hostname>/;
    }


    location /console/ {
    return 301 https://<hostname>/;
    }


    Broadcom won't support this settings, but it works well.