options httpd.admin.enable off will stop access to FilerView.
If http is unlicensed, and httpd.enable and httpd.admin.enable are both switched off, then any sockets opened on port 80 will be immediately closed (this behaviour was initiated to address BURT 4998).
Regards, Andrew
-----Original Message----- From: Kenneth Whittaker [mailto:kenw@cruzoid.com] Sent: 20 September 2001 00:51 To: leigh@ai.mit.edu; toasters@mathworks.com Subject: Re: port 80 answers tcp
I think the filer listens on port 80 even when http is unlicensed so that it can offer html-ized man pages. I'm not sure there is a way to turn it completely off...?
----- Original Message ----- From: "Leigh David Heyman" leigh@ai.mit.edu To: toasters@mathworks.com Sent: Wednesday, September 19, 2001 8:34 AM Subject: port 80 answers tcp
Hi, I've noticed that in DoT, the filer still has tcp port 80 open and
listening
even with "options httpd.enable off."
Since the nimda and code red worms send attack traffic to
any hosts which
respond on port 80, regardless of whether it's a vulnerable windows
webserver,
is there any way to actually prevent the filer from having
tcp port 80 open
and listening?
Thanks,
-Leigh
=====================================================================
Leigh Heyman,GCIA Artificial
Intelligence Lab
Systems Administrator Massachusetts Institute of
Technology
leigh@ai.mit.edu
617-253-1729
Just checked two of my filers, one running 5.3.4, the other running 6.1R1, both with
httpd.admin.enable off httpd.enable off
[dave@home ~]$ telnet filer 80 Trying x.x.x.x... Connected to filer. Escape character is '^]'. GET / HTTP/1.0
HTTP/1.0 503 HTTP not enabled MIME-Version: 1.0 Server: NetApp/build.R5.3.4xN_991121_1250.991121_1329 Date: Thu, 20 Sep 2001 08:45:12 GMT Content-Length: 115 Content-Type: text/html
<HTML> <HEAD> <TITLE>Error</TITLE> </HEAD> <BODY> <H1>Error 503</H1>
HTTP not enabled
</BODY> </HTML> Connection closed by foreign host.
It's closing the connection, but after it's served back that page with 'http not enabled'. What I think would be usefull would be to stop the filer listening on port 80 altogether, not just have it returning an error page. Is that possible?
On Thu, Sep 20, 2001 at 12:35:19AM -0700, Bond, Andrew wrote:
options httpd.admin.enable off will stop access to FilerView.
If http is unlicensed, and httpd.enable and httpd.admin.enable are both switched off, then any sockets opened on port 80 will be immediately closed (this behaviour was initiated to address BURT 4998).
Regards, Andrew
-----Original Message----- From: Kenneth Whittaker [mailto:kenw@cruzoid.com] Sent: 20 September 2001 00:51 To: leigh@ai.mit.edu; toasters@mathworks.com Subject: Re: port 80 answers tcp
I think the filer listens on port 80 even when http is unlicensed so that it can offer html-ized man pages. I'm not sure there is a way to turn it completely off...?
----- Original Message ----- From: "Leigh David Heyman" leigh@ai.mit.edu To: toasters@mathworks.com Sent: Wednesday, September 19, 2001 8:34 AM Subject: port 80 answers tcp
Hi, I've noticed that in DoT, the filer still has tcp port 80 open and
listening
even with "options httpd.enable off."
Since the nimda and code red worms send attack traffic to
any hosts which
respond on port 80, regardless of whether it's a vulnerable windows
webserver,
is there any way to actually prevent the filer from having
tcp port 80 open
and listening?
Thanks,
-Leigh
=====================================================================
Leigh Heyman,GCIA Artificial
Intelligence Lab
Systems Administrator Massachusetts Institute of
Technology
leigh@ai.mit.edu
617-253-1729
-
Bond, Andrew -
Dave Burke