Upgraded Director boxes show a Web server present on port 80.



Solution

Overview

A Director appliance recently upgraded to version 5.5.1.1 presents a webserver on port 80, with a page saying "Fedora Core".

Our network scans on the newly upgraded 5.5.1.1 Director boxes are showing a webserver on port 80. 

How do I disable port 80 on Director boxes running version 5.5.1.1?

Cause
Resolution

In Director SGME version 5.5.1.1, a new type of admin user was introduced called the "delegated admin user." Delegated users have limited privileges that enable them to push content filtering allow lists and block lists to devices.  For more information see Chapters 8 and 9 of the Configuration and Management Guide for version 5.5.1.1, which can be found here: CMG5511 

From the admin guide we see that the sadmin user manages “delegated users” who can push content filtering white lists and black lists to designated devices. White lists and black lists are lists of URLs and categories of URLs that are installed as local policy on selected devices using a new type of overlay—the Content Policy overlay. In other words, the sadmin user creates the ability for delegated users to create and push policy to devices. Delegated users only create and edit white lists and black lists and push those lists to devices. A delegated user in one user group cannot edit or push white lists or black lists that were created by a delegated user in a different user group.

This feature was introduced in Director SGME 5.5.1.1 to provide new functionality. Customers who use Central Policy on their ProxySG can point their ProxySG appliances to the HTTP webserver on Director, which can be used to store the Central Content Policy files, as described in the above paragraph. If the webserver is turned off, the SGs cannot access the Central Policy files.

Bluecoat support does not recommend disabling this port, but for some customers who do not use this feature, this may be necessary to mitigate open ports on their appliances.

To disable this webserver, follow these steps.

1: Log in to your Director appliance CLI using SSH and execute these commands.

  • director > enable
  • director # config t
  • director (config) # shell
  • sh-2.05b#

2: Edit the httpd.conf file.

  • sh-2.05b# vi /etc/httpd/conf/httpd.conf
  • sh-2.05b# /etc/init.d/httpd stop
  • sh-2.05b# /etc/init.d/httpd start
  • sh-2.05b# exit
  • director #

While editing httpd.conf, comment out the "listen 80" line by adding a # to the beginning of the line.

IMPORTANT NOTE: This change does not persist through a restart of the Director appliance. When Director is restarted, this file is reverted back to its default state.

NOTE1: For a complete list of ports needed on Director, see 000015461
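
Because the file reverts on every Director restart, the edit has to be repeated and checked each time. The following is an added example, not part of the original article or vendor code: a pair of shell functions that comment out the port 80 Listen directive idempotently and confirm that no active one remains. The function names are hypothetical, and it assumes awk and cp are available in the appliance shell.

```shell
#!/bin/sh
# Added example, not vendor code. Default path is the one named in the article.
CONF_DEFAULT=/etc/httpd/conf/httpd.conf
# Active (uncommented) Listen directive on port 80, in any letter case, with or
# without an address: "listen 80", "Listen 0.0.0.0:80". Does not match 8080.
LISTEN80_RE='^[ \t]*listen[ \t]+([^ \t]*:)?80([ \t]|$)'

# Exit 0 if the file still contains an active Listen directive for port 80.
has_active_listen_80() {
    awk -v re="$LISTEN80_RE" 'tolower($0) ~ re { found = 1 } END { exit !found }' "$1"
}

# Comment out every active port-80 Listen line. Idempotent: a file that is
# already clean is left untouched. Keeps a copy of the previous file as .bak.
disable_listen_80() {
    conf=${1:-$CONF_DEFAULT}
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    has_active_listen_80 "$conf" || return 0
    cp -p "$conf" "$conf.bak" || return 1
    awk -v re="$LISTEN80_RE" 'tolower($0) ~ re { print "#" $0; next } { print }' \
        "$conf.bak" > "$conf" || return 1
    ! has_active_listen_80 "$conf"   # verify the edit before httpd is restarted
}

# Demo on a constructed sample file (not a real Director httpd.conf).
demo() {
    f="${TMPDIR:-/tmp}/httpd.conf.demo.$$"
    printf '%s\n' 'ServerRoot "/etc/httpd"' 'listen 80' 'Listen 8080' > "$f"
    disable_listen_80 "$f"
    cat "$f"
    rm -f "$f" "$f.bak"
}
demo
```

On the appliance, disable_listen_80 called with no argument works on the path from step 2; httpd still has to be stopped and started as in step 2 for the change to take effect.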

 

 

 

InQuira Doc Id      KB4165
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      Director 510
Topic      Authentication, Configuration / WUI / CLI, Errors / Event Logs / Alerts, Installation / Configuration, Networking, Upgrade / Maintenance, Wide Dictionary Compression
Article Number      000014310