2.1 Restricting Administration Console Access to the Private Network Only

Sometimes you might need to install Administration Console on a server that has multiple IP addresses, for example when you install Administration Console and Identity Server on the same machine. Identity Server must be reachable from the Internet because the services that Access Manager provides must be available there, so Administration Console on the same host can also become reachable from the Internet. This is a security risk: the console should accept connections only from the private (management) network.

Perform the following steps to secure Administration Console in this scenario:

  1. Open the Tomcat server.xml file of Administration Console.

  2. Search for the context path /nps. If it exists, the entry looks similar to the following:

    <Context docBase="/opt/novell/nam/adminconsole/webapps/nps" path="/nps" reloadable="false">
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="xxx.yyy.zzz.www"/>
    </Context>

  3. If the context path exists, modify or update the allow value with the addresses or address ranges of the hosts that are permitted to reach Administration Console.

  4. If the context path does not exist, add the following lines before the closing </Host> tag:

    <Context path="/nps">
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="xxx.yyy.zzz.www"/>
    </Context>

    The allow attribute, which can also be changed to a deny attribute, is a regular expression that is matched against the whole IP address of the client. The comma-separated list of Perl-style expressions applies to Tomcat 6 and earlier; in Tomcat 7 and later (which includes the Tomcat shipped with Access Manager 5.0) the attribute is a single Java regular expression, and alternatives are separated with |. Because an unescaped . matches any character, escape the dots (\.) when you want them to match literally. A simple example is as follows:

    allow="192.168.10[1-3].[0-9]*"

    This allows access to Administration Console from any address in the following ranges:

    192.168.101.0/24, 192.168.102.0/24, 192.168.103.0/24

    If you write the syntax as follows:

    deny="192.168.10[1-3].[0-9]*"

    Administration Console access is blocked from the following ranges and permitted from every other address, because a valve with only a deny attribute accepts any address that does not match:

    192.168.101.0/24, 192.168.102.0/24, 192.168.103.0/24

    The valve compares the address of the TCP connection that reaches Tomcat. If Administration Console sits behind a reverse proxy or load balancer, every request arrives from the proxy's address, so either write the pattern for that address or configure Tomcat's RemoteIpValve ahead of this valve so that the original client address is evaluated. Restart Tomcat after saving server.xml for the change to take effect.

    For information about how to modify a file, see Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.

    NOTE: This file is specific to each cluster. Therefore, while the changes from this file are applied, the keystore password is retained in each cluster.

    If you write the syntax as follows:

    allow="164.99.232.78|10.71.142.5"

    only the hosts 164.99.232.78 and 10.71.142.5 can access Administration Console, and Analytics Dashboard can be opened from those hosts through its direct URL.
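The following script is an added example, not NetIQ or Access Manager code, for dry-running an allow or deny pattern before you restart Tomcat. It reads the RemoteAddrValve attributes out of a constructed server.xml fragment shaped like the snippet above, then reproduces the order in which Tomcat's RequestFilterValve applies deny and allow (deny match rejects; allow match accepts; deny-only accepts non-matching addresses; otherwise reject). It assumes Tomcat 7 or later semantics, where each attribute is one Java regular expression matched against the whole address, and uses Python's re.fullmatch as a stand-in for Java's Matcher.matches(). The client addresses, the stricter pattern STRICT_ALLOW and the proxy address 10.0.0.1 are constructed for the demonstration.

```python
"""Dry-run a Tomcat RemoteAddrValve allow/deny pattern.

Added example, not NetIQ/Access Manager code. Assumptions:
 - Tomcat 7+ semantics: allow and deny are each a single Java regular
   expression tested against the whole client address (Matcher.matches()).
 - Python's re.fullmatch behaves like Java's matches() for these patterns.
 - SAMPLE_SERVER_XML, the client list and the proxy address are constructed.
"""
import re
import xml.etree.ElementTree as ET

REMOTE_ADDR_VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed fragment in the shape of the page's <Context> block.
SAMPLE_SERVER_XML = """
<Host name="localhost" appBase="webapps">
  <Context docBase="/opt/novell/nam/adminconsole/webapps/nps" path="/nps" reloadable="false">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="192.168.10[1-3].[0-9]*"/>
  </Context>
</Host>
"""

# The page's pattern: unescaped dots match any character, last octet unbounded.
PAGE_ALLOW = r"192.168.10[1-3].[0-9]*"
# Tightened form (assumed, not from the page): literal dots, 1-3 digit last octet.
STRICT_ALLOW = r"192\.168\.10[1-3]\.\d{1,3}"
# Two explicit hosts; alternatives are separated with | (Tomcat 7+ syntax).
TWO_HOSTS_ALLOW = r"164\.99\.232\.78|10\.71\.142\.5"


def load_valve_patterns(server_xml, context_path="/nps"):
    """Return (allow, deny) of the RemoteAddrValve inside the Context with the given path."""
    root = ET.fromstring(server_xml)
    for ctx in root.iter("Context"):
        if ctx.get("path") != context_path:
            continue
        for valve in ctx.findall("Valve"):
            if valve.get("className") == REMOTE_ADDR_VALVE:
                return valve.get("allow"), valve.get("deny")
    return None, None


def valve_decision(remote_addr, allow=None, deny=None):
    """Reproduce the order Tomcat's RequestFilterValve applies the attributes:
    1. deny set and matches   -> request rejected
    2. allow set and matches  -> request accepted
    3. deny set, allow unset  -> request accepted
    4. otherwise              -> request rejected (allow-list behaviour)
    """
    if deny is not None and re.fullmatch(deny, remote_addr):
        return "deny"
    if allow is not None and re.fullmatch(allow, remote_addr):
        return "allow"
    if deny is not None and allow is None:
        return "allow"
    return "deny"


def check_clients(clients, allow=None, deny=None):
    """Map each client address to the valve's decision for a quick review table."""
    return {addr: valve_decision(addr, allow, deny) for addr in clients}


if __name__ == "__main__":
    allow, deny = load_valve_patterns(SAMPLE_SERVER_XML)
    # Constructed clients: two private-network admins, a neighbouring subnet,
    # a junk string that the unescaped dots let through, and 10.0.0.1 standing
    # in for a reverse proxy whose address every forwarded request carries.
    clients = ["192.168.101.7", "192.168.103.250", "192.168.104.7",
               "192x168x101x5", "10.0.0.1"]
    for addr, verdict in check_clients(clients, allow, deny).items():
        print(f"{addr:<18} page pattern -> {verdict:<5} "
              f"strict pattern -> {valve_decision(addr, STRICT_ALLOW)}")
```

Run it against the real server.xml by passing the file contents to load_valve_patterns; the proxy row is the one to watch, because if all clients arrive from 10.0.0.1 the page's pattern denies every administrator, and adding the proxy address to the allow list would instead admit every Internet client that the proxy forwards, which is why RemoteIpValve belongs in front of this valve in that deployment.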