Upgraded Director boxes show a Web server present on port 80.

Solutions ID:    KB4165
Version:    7.0
Status:    Published
Published date:    11/12/2010
Updated:    05/13/2011
 

Problem Description

A Director appliance recently upgraded to version 5.5.1.1 presents a webserver on port 80, with a page saying "Fedora Core".

Our network scans on the newly upgraded 5.5.1.1 Director boxes are showing a webserver on port 80. 

How do I disable port 80 on Director boxes running version 5.5.1.1?

Resolution

In Director SGME version 5.5.1.1, a new type of admin user was introduced called the "delegated admin user." Delegated users have limited privileges that enable them to push content filtering allow lists and block lists to devices.  For more information see Chapters 8 and 9 of the Configuration and Management Guide for version 5.5.1.1, which can be found here: CMG5511 

From the admin guide we see that the sadmin user manages “delegated users” who can push content filtering white lists and black lists to designated devices. White lists and black lists are lists of URLs and categories of URLs that are installed as local policy on selected devices using a new type of overlay—the Content Policy overlay. In other words, the sadmin user creates the ability for delegated users to create and push policy to devices. Delegated users only create and edit white lists and black lists and push those lists to devices. A delegated user in one user group cannot edit or push white lists or black lists that were created by a delegated user in a different user group.

This feature was introduced in Director SGME 5.5.1.1 to provide new functionality. Customers who use Central Policy on their ProxySG can point their ProxySG appliances to the HTTP webserver on Director, which can be used to store the Central content Policy files, as described in the above paragraph. If it is turned off, the SGs cannot access the Central Policy files.

Blue Coat support does not recommend disabling this port, but for some customers who do not use this feature, this may be necessary to mitigate open ports on their appliances.

To disable this webserver, follow these steps.

1: Log in to your Director appliance CLI using SSH and execute these commands.

  • director > enable
  • director # config t
  • director (config) # shell
  • sh-2.05b#

2: Edit the httpd.conf file.

  • sh-2.05b# vi /etc/httpd/conf/httpd.conf
  • sh-2.05b# /etc/init.d/httpd stop
  • sh-2.05b# /etc/init.d/httpd start
  • sh-2.05b# exit
  • director #

In the vi session from step 2, comment out the "listen 80" line by adding a # to the beginning of the line. Do this before stopping and starting httpd.

IMPORTANT NOTE: This change does not persist through a restart of the Director appliance. When Director is restarted, this file reverts to its default state.

NOTE1: For a complete list of ports needed on Director, see KB3457
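
Because the edit is lost on restart, a check like the following can confirm after each reboot whether port 80 has come back. This is an added example, not Blue Coat's own code: the function names are hypothetical, the sample config is constructed, and it assumes awk and netstat are available in the appliance shell.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample data is constructed.

# Print every active (uncommented) Listen directive that binds port 80.
# Reads the file given as $1, or stdin when no file is given.
# Exit status: 0 if at least one such directive exists, 1 otherwise.
active_listen_80() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out lines
        tolower($1) == "listen" {            # directive names are case-insensitive
            port = $2
            sub(/^.*:/, "", port)            # "0.0.0.0:80" or "[::]:80" -> "80"
            if (port == "80") { print FNR ": " $0; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "${1:--}"
}

# Read `netstat -ltn` output on stdin; succeed if a socket listens on port 80.
port80_listening() {
    awk '$6 == "LISTEN" && $4 ~ /:80$/ { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# Constructed httpd.conf fragment (not copied from a real Director).
sample_conf() {
    cat <<'EOF'
# Listen 192.0.2.10:80
#Listen 80
Listen 8080
listen 0.0.0.0:80
EOF
}

# Demo on the constructed sample: only line 4 is an active port-80 binding.
if sample_conf | active_listen_80; then
    echo "config check: port 80 is enabled"
fi

# On the appliance shell (path from the article):
#   active_listen_80 /etc/httpd/conf/httpd.conf && echo "Listen 80 is active again"
#   netstat -ltn | port80_listening && echo "a service is listening on port 80"
```

Running both checks matters: the config check shows whether the file has reverted, while the socket check shows whether httpd is actually serving on port 80 right now.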

 

 

 

