Upgraded Director boxes show a Web server present on port 80.
A Director appliance recently upgraded to version 184.108.40.206 presents a webserver on port 80, with a page saying "Fedora Core".
Our network scans on the newly upgraded 220.127.116.11 Director boxes are showing a webserver on port 80.
How do I disable port 80 on Director boxes running version 18.104.22.168?
In Director SGME version 22.214.171.124, a new type of admin user was introduced called the "delegated admin user." Delegated users have limited privileges that enable them to push content filtering allow lists and block lists to devices. For more information see Chapters 8 and 9 of the Configuration and Management Guide for version 126.96.36.199, which can be found here: CMG5511
From the admin guide we see that the sadmin user manages “delegated users” who can push content filtering white lists and black lists to designated devices. White lists and black lists are lists of URLs and categories of URLs that are installed as local policy on selected devices using a new type of overlay—the Content Policy overlay. In other words, the sadmin user creates the ability for delegated users to create and push policy to devices. Delegated users only create and edit white lists and black lists and push those lists to devices. A delegated user in one user group cannot edit or push white lists or black lists that were created by a delegated user in a different user group.
This feature was introduced in Director SGME 188.8.131.52 to provide a new functionality. Customers who use Central Policy on their ProxySG can point their ProxySG appliances to the HTTP webserver on Director, which can be used to store the Central content Policy files, as descibed in the above paragraph. If it is turned off the SGs cannot access the Central Policy files.
Bluecoat support does not recommend disabling this port, but for some customers who do not use this feature this may be necesary to mitigate open ports on their appliances.
To disable this webserver, follow these steps.
1: Login to your Director appliance CLI using SSH and execute these commands.
2: Edit the httpd.conf file.
Comment out the "listen 80" line by adding a # to the beginning of the line.
IMPORTANT NOTE: This change does not persist through a restart of the Director appliance. When Director is restarted, this file is reverted back to its default state.
NOTE1: For a complete list of ports needed on Director, see KB3457
Rate this Page
Please take a moment to complete this form to help us better serve you.