Endpoint Security Complete

 View Only

How to Keep the Mobility Suite Admin Console Restricted from the Internet 

Nov 20, 2015 12:39 PM

The below steps explain how to restrict the Mobility Suite's Mobility Manager Admin Console from being published to the internet and only accessible from the internal network:

1. Modify the '/usr/local/nukona/etc/nginx/conf.d/appstore_cu.conf' file by typing the following command from the Linux Terminal on each Mobility Suite Front End:

vi /usr/local/nukona/etc/nginx/conf.d/appstore_cu.conf

admin_access1.png

2. Navigate to the end of the file using the 'Down Arrow' or 'Page Down' keys and locate the following fields in the file:

        #
        # Main application
        #
        location ~* ciscoise {
                ModSecurityConfig conf.d/appstore_cu_ciscoise.modsec;
                uwsgi_pass appstore_cu;
        }

        location /acprocessingservice {
                allow 127.0.0.1;
                deny all;
                uwsgi_pass  appstore_cu;
        }

        location / {
                uwsgi_pass  appstore_cu;
        }
}

3. Press the 'i' key to modify the empty space between the '}' character after the second 'uwsgi_pass    appstore_cu;' entry with the following information:

          location /admin {
                  allow <intranet IP range>;
                  deny all;
                  uwsgi_pass  appstore_cu;
          }

Below is an example of all these fields filled out:

        #
        # Main application
        #
        location ~* ciscoise {
                ModSecurityConfig conf.d/appstore_cu_ciscoise.modsec;
                uwsgi_pass appstore_cu;
        }

        location /acprocessingservice {
                allow 127.0.0.1;
                deny all;
                uwsgi_pass  appstore_cu;
        }

        location /admin {
                allow 127.0.0.1;
                allow 172.19.215.0/24;
                allow 172.19.216.0/24;
                allow 172.19.217.0/24;
                allow 172.19.218.0/24;
                deny all;
                uwsgi_pass  appstore_cu;
        }

        location / {
                uwsgi_pass  appstore_cu;
        }
}

4. Once you are finished editing this document, press the 'Esc' key and type ':wq' hitting <Enter> to write the changes to the file.

5. Restart the Mobility Suite daemons on all the Front End servers that were modified by typing in the following command:

/etc/init.d/appcenter-services restart

Once the daemons have started back up, test the connectivity to the Admin Portal through a web browser. If it succeeds, then you will see the following page appear on any /admin/ page:

admin_access2.png

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.