Active IQ Unified Manager Discussions

Can http Access be Disabled in WFA?

jpierson

IHAC who's using https for WFA and would like to disable http access for internal IT audit reasons. Is there currently any way to do this?

Thanks in advance,

Jason

1 ACCEPTED SOLUTION

sinhaa

For 2.0

====

Steps

     1. Open the Windows services console by using services.msc and stop the NetApp WFA Server service.

     2. Edit the server.xml file:

     a) Open the server.xml file from the following location using an XML editor such as Notepad++:

     c:\Program Files\NetApp\WFA\jboss\server\default\deploy\jbossweb.sar

     b) Locate the following element: <Connector protocol="HTTP/1.1" port="${http.port}" address="${jboss.bind.address}" connectionTimeout="20000" redirectPort="${https.port}" maxSavePostSize="-1"

restrictedUserAgents="^.*MS Web Services Client Protocol.*$" />.


     c) Replace "${jboss.bind.address}" with "127.0.0.1".

     d) Save the server.xml file.

3. Restart the NetApp WFA Server service.

For 2.2

======

See the installation and setup guide https://library.netapp.com/ecm/ecm_get_file/ECMP1397247

Page 29.

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

6 REPLIES 6

sinhaa

http on WFA can be disabled for the external access of WFA server i.e. access using IP or Hostname. Access of WFA using "localhost" over http will still work and its also required by WFA.

How? It depends on your WFA vesion. What is the WFA version you are using?

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

jpierson

Customer is using two versions; 2.0 for 7-mode and 2.2 for cDOT

sinhaa

For 2.0

====

Steps

     1. Open the Windows services console by using services.msc and stop the NetApp WFA Server service.

     2. Edit the server.xml file:

     a) Open the server.xml file from the following location using an XML editor such as Notepad++:

     c:\Program Files\NetApp\WFA\jboss\server\default\deploy\jbossweb.sar

     b) Locate the following element: <Connector protocol="HTTP/1.1" port="${http.port}" address="${jboss.bind.address}" connectionTimeout="20000" redirectPort="${https.port}" maxSavePostSize="-1"

restrictedUserAgents="^.*MS Web Services Client Protocol.*$" />.


     c) Replace "${jboss.bind.address}" with "127.0.0.1".

     d) Save the server.xml file.

3. Restart the NetApp WFA Server service.

For 2.2

======

See the installation and setup guide https://library.netapp.com/ecm/ecm_get_file/ECMP1397247

Page 29.

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

jpierson

Thank you very much sinhaa. Do you have any detail as to why http access is still needed using "localhost" and we can't simply stop the http port from listening? I know I'm going to be asked that.

Thanks in advance,

Jason

sinhaa

WFA cmdlets like Get-WfaLogger etc internally make rest call using localhost on http. Other job executors also use http on localhost. This is by design. So if the http port is disabled, WFA server willsure  come up and you can login too, but you can't do anything useful with it.

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

jpierson

Sinhaa. Appreciate the additional explanation. Thanks for all your help!

Jason

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public