I found way to disabling access to the
https://<management>/console and permit access only to 9000 port.
Edit /etc/mnt/clif.conf as follows in the docker container named clif_, and restart the container.
before:
location = /console {
return 301 https:/<hostname>/console/;
}
location /console/ {
proxy_set_header X-Fg-Client-Ip $proxy_protocol_addr;
proxy_pass
http://management/;error_page 502 /internal_resources/mgmt_unavailable.html;
}
after:
location = /console {
return 301
https://<hostname>/;}
location /console/ {
return 301
https://<hostname>/;}
Broadcom won't support this settings, but it works well.
Original Message:
Sent: 11-16-2020 01:36 AM
From: Tatsuaki Shirakawa
Subject: how to disable access to management new URL
Hi,
Management gateway allows additional access from https://<management>/console from version 1.14.
This changes does not care about using as Web Application Isolation.
In case of running the WAI on single box, anyone can access above URL without restrictions because anyone need access to port 443.
Does anyone know how to disable the URL?