Has anyone had any luck restricting FilerView to *only* https/SSL? Appears that enabling SSL allows https browsing, but does not restrict it to only https, as http is still allowed.
Options httpd allow to restrict to certain workstations yes, but appears there's no way to configure it such that only https is allowed, and http browsing will return 404 or something like that.
Any ideas? Thanks.
KP.
________________________________ Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.
I don't know what ONTAP release you're running, but try this:
1. secureadmin setup ssl 2. options httpd.admin.enable off
You should see something like this:
toaster> options httpd.admin httpd.admin.access legacy httpd.admin.enable off httpd.admin.hostsequiv.enable off httpd.admin.max_connections 1023 httpd.admin.ssl.enable on httpd.admin.top-page.authentication on
If you want to further restrict access, you can do it with httpd.admin.access.
- Rick -
-----Original Message----- From: Kevin Parker [mailto:KParker@nwnit.com] Sent: Thursday, September 27, 2007 10:29 AM To: toasters@mathworks.com Subject: HTTPS access only to FilerView
Has anyone had any luck restricting FilerView to *only* https/SSL? Appears that enabling SSL allows https browsing, but does not restrict it to only https, as http is still allowed.
Options httpd allow to restrict to certain workstations yes, but appears there's no way to configure it such that only https is allowed, and http browsing will return 404 or something like that.
Any ideas? Thanks.
KP.
_____
Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.
Kevin Parker writes:
Has anyone had any luck restricting FilerView to *only* https/SSL? Appears that enabling SSL allows https browsing, but does not restrict it to only https, as http is still allowed.
Options httpd allow to restrict to certain workstations yes, but appears there's no way to configure it such that only https is allowed, and http browsing will return 404 or something like that.
I logged a support case with Netapp about 3 months ago regarding this problem, but the person dealing with it didn't understand my problem with HTTP and only offered the options httpd.allow you mention above, without offering me a way to restrict http more than https.
I got busy with other things and let it drop rather than trying to get Netapp to escalate the case to someone with a clue, but if you get an answer I'd like to know too. In the mean time I've restricted FilerView access to only a couple of workstations of people I trust not to use HTTP.
Nicolai
I experienced the similar behavior on a FAS3050HA system running DOT 7.1.1, after talking to NetApp GSC, it turns out there was a BURT (sorry i don't have the email referencing the BURT#) on DOT 7.1.1, and the resolution was to upgrade to DOT 7.2.3. We were doing that anyway during the next maintenance window. After the code was updated and the cluster rebooted, the java portions of Filerview still wouldn't work, the last step that fixed it was:
options httpd.admin.ssl.enable off options httpd.admin.ssl.enable on
After resetting that options all portions of Filerview worked perfectly on https only and we were able to disable the unencrypted http access.
HTH Mike Partyka
________________________________
From: owner-toasters@mathworks.com on behalf of Nicolai E M Plum Sent: Sat 9/29/2007 7:02 AM To: Kevin Parker Cc: toasters@mathworks.com Subject: Re: HTTPS access only to FilerView
Kevin Parker writes:
Has anyone had any luck restricting FilerView to *only* https/SSL? Appears that enabling SSL allows https browsing, but does not restrict it to only https, as http is still allowed.
Options httpd allow to restrict to certain workstations yes, but appears there's no way to configure it such that only https is allowed, and http browsing will return 404 or something like that.
I logged a support case with Netapp about 3 months ago regarding this problem, but the person dealing with it didn't understand my problem with HTTP and only offered the options httpd.allow you mention above, without offering me a way to restrict http more than https.
I got busy with other things and let it drop rather than trying to get Netapp to escalate the case to someone with a clue, but if you get an answer I'd like to know too. In the mean time I've restricted FilerView access to only a couple of workstations of people I trust not to use HTTP.
Nicolai
-
Ehrhart, Rick -
Kevin Parker -
Mike Partyka -
Nicolai E M Plum