[BlueOnyx:20141] Re: Hacker - what to do next
Colin Jack
colin at mainline.co.uk
Thu Oct 13 15:16:46 -05 2016
Thanks Michael,
On 13/10/2016, 21:01, "Blueonyx on behalf of Michael Stauber" <blueonyx-bounces at mail.blueonyx.it on behalf of mstauber at blueonyx.it> wrote:
> Hi Colin,
>
> >> My recommendation is to only allow GUI access via HTTPS, which can be
> >> configured via the GUI itself.
> >
> > How would I do this? Can't find a setting (but then I may not be
> > looking in the right place!).
>
> "Server Management" / "Maintenance" / "Server Desktop".
>
> The field "GUI access protocols" usually shows "HTTP and HTTPS". Change
> it to "HTTPS only" and tick the checkbox for "Redirect to Server-Name".
>
> What it does is this:
>
> Say the server is named server.company.com and you have a Vsite named
> vsite.com.
>
> Someone goes to http://vsite.com/login, which will (as usual) redirect
> to the AdmServ at http://server.company.com:444/login
>
> However: If the GUI is set to "HTTPS only", it will redirect once more
> to https://server.company.com:81/login
>
> This serves two purposes: You can only see any GUI page when you access
> it via HTTPS. Any call to a GUI page via HTTP will be redirected to the
> respective HTTPS page of the same URL.
>
> The checkbox "Redirect to Server-Name" (if ticked) will make sure that
> you don't get the "The certificate is only valid for server.company.com"
> error if someone uses http://vsite.com/login. You would get that if we
> did a straight redirect from there to HTTPS without replacing the domain
> name.
>
> Unavoidably you still see it if someone uses https://vsite.com/login,
> though.

I knew it had to be there somewhere! ☺
Kind regards
Colin
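
One way to verify the redirect behaviour described in the quoted reply, as an added example that is not part of the original thread and not BlueOnyx code. The redirect chains are constructed samples built from the thread's hostnames and ports; the 302 status codes and the port in the third chain are assumptions.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def audit_gui_redirects(hops, server_name):
    """Check a recorded redirect chain against the "HTTPS only" behaviour.

    hops: ordered (url, status, location) tuples, one per HTTP response.
    Returns (finding, url) tuples; an empty list means the chain is clean.
    """
    findings = []
    for index, (url, status, location) in enumerate(hops):
        parts = urlsplit(url)
        # Assumption from the thread: the certificate only covers the server name,
        # so any HTTPS hop on another host triggers the certificate error.
        if parts.scheme == "https" and parts.hostname != server_name.lower():
            findings.append(("cert-name-mismatch", url))
        if status in REDIRECTS:
            # Each redirect must lead to the next recorded hop.
            if index + 1 >= len(hops) or hops[index + 1][0] != location:
                findings.append(("broken-chain", url))
        elif parts.scheme != "https":
            # A non-redirect response means a GUI page was served over HTTP.
            findings.append(("plain-http-content", url))
    return findings

SERVER = "server.company.com"

# Constructed sample: "HTTPS only" with "Redirect to Server-Name" ticked.
HTTPS_ONLY = [
    ("http://vsite.com/login", 302, "http://server.company.com:444/login"),
    ("http://server.company.com:444/login", 302, "https://server.company.com:81/login"),
    ("https://server.company.com:81/login", 200, None),
]
# Constructed sample: default "HTTP and HTTPS" setting.
HTTP_AND_HTTPS = [
    ("http://vsite.com/login", 302, "http://server.company.com:444/login"),
    ("http://server.company.com:444/login", 200, None),
]
# Constructed sample: straight redirect to HTTPS without replacing the domain.
NO_NAME_REDIRECT = [
    ("http://vsite.com/login", 302, "https://vsite.com:81/login"),
    ("https://vsite.com:81/login", 200, None),
]

if __name__ == "__main__":
    for name, chain in [("https-only", HTTPS_ONLY), ("http-and-https", HTTP_AND_HTTPS),
                        ("no-name-redirect", NO_NAME_REDIRECT)]:
        print(name, audit_gui_redirects(chain, SERVER) or "clean")
```
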