In Director SGME version 184.108.40.206, a new type of admin user was introduced called the "delegated admin user." Delegated users have limited privileges that enable them to push content filtering allow lists and block lists to devices. For more information see Chapters 8 and 9 of the Configuration and Management Guide for version 220.127.116.11, which can be found here: CMG5511
From the admin guide we see that the sadmin user manages “delegated users” who can push content filtering white lists and black lists to designated devices. White lists and black lists are lists of URLs and categories of URLs that are installed as local policy on selected devices using a new type of overlay—the Content Policy overlay. In other words, the sadmin user creates the ability for delegated users to create and push policy to devices. Delegated users only create and edit white lists and black lists and push those lists to devices. A delegated user in one user group cannot edit or push white lists or black lists that were created by a delegated user in a different user group.
This feature was introduced in Director SGME 18.104.22.168 to provide a new functionality. Customers who use Central Policy on their ProxySG can point their ProxySG appliances to the HTTP webserver on Director, which can be used to store the Central content Policy files, as descibed in the above paragraph. If it is turned off the SGs cannot access the Central Policy files.
Bluecoat support does not recommend disabling this port, but for some customers who do not use this feature this may be necesary to mitigate open ports on their appliances.
To disable this webserver, follow these steps.
1: Login to your Director appliance CLI using SSH and execute these commands.
- director > enable
- director # config t
- director (config) # shell
2: Edit the httpd.conf file.
- sh-2.05b# vi /etc/httpd/conf/httpd.conf
- sh-2.05b# /etc/init.d/httpd stop
- sh-2.05b# /etc/init.d/httpd start
- sh-2.05b# exit
- director #
Comment out the "listen 80" line by adding a # to the beginning of the line.
IMPORTANT NOTE: This change does not persist through a restart of the Director appliance. When Director is restarted, this file is reverted back to its default state.
NOTE1: For a complete list of ports needed on Director, see 000015461