[BlueOnyx:20140] Re: Hacker - what to do next
Michael Stauber
mstauber at blueonyx.it
Thu Oct 13 15:01:45 -05 2016
Hi Colin,
>> My recommendation is to only allow GUI access via HTTPS, which can be
>> configured via the GUI itself.
>
> How would I do this? Can't find a setting (but then I may not be
> looking in the right place!).
"Server Management" / "Maintenance" / "Server Desktop".
The field "GUI access protocols" usually shows "HTTP and HTTPS". Change
it to "HTTPS only" and tick the checkbox for "Redirect to Server-Name".
What it does is this:
Say the server is named server.company.com and you have a Vsite named
vsite.com.
Someone goes to http://vsite.com/login, which will (as usual) redirect
to the AdmServ at http://server.company.com:444/login
However: If the GUI is set to "HTTPS only", it will redirect once more
to https://server.company.com:81/login
This serves two purposes: You can only see any GUI page when you access
it via HTTPS. Any call to a GUI page via HTTP will be redirected to the
respective HTTPS page of the same URL.
The checkbox "Redirect to Server-Name" (if ticked) will make sure that
you don't get the "The certificate is only valid for server.company.com"
error if someone uses http://vsite.com/login. You would get that if we
did a straight redirect from there to HTTPS without replacing the domain
name.
Unavoidably you still see it if someone uses https://vsite.com/login,
though.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list