I had an interesting call today.  A customer who works for a government agency needs to protect very sensitive data within Scrutinizer. He asked if they could control which IP addresses were allowed to connect to his Scrutinizer Web Interface.  Specifically, he wanted to deny all connections except for when Scrutinizer was accessed from the local server.

We can do this with a simple edit of the apache httpd.conf file.  The file is located in the Scrutinizer/Apache2/conf/ directory.  Before making any modifications, you make a copy of the current httpd.conf file so that you can revert to it in case of any problems.

Within the http.conf file look for the following lines:

apacheaccessbefore2

Modify the lines above to look like the lines below and save the file.

apacheaccessafter

Restart the Scrutinizer_apache2 service so that the changes are applied.

This server will now deny every host attempting to connect to Scrutinizer Web interface with the exception of IP address – 127.0.0.1.

This configuration now forces users to Log in from the local server just to be able to access the web interface subjecting them to any security measures applied to users logging on to a server.

Although this configuration limits access to only one specific IP, it is possible to specify which domains and networks have access and those that don’t.

Jamie Lee

Jamie Lee is the west coast Regional Manager at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long-lasting relationships with his clients. Jamie loves the outdoors and his favorite hobbies include fishing, hiking, and football.

Related

Leave a Reply