Admin Console Security
Table of Contents
Access Control
Login Throttle
WebAdmin User
Access Control
Description
Specifies which sub-networks and/or IP addresses can access the server. At the server level, this setting affects all virtual hosts. You can also set up access control unique to each virtual host at the virtual host level. Virtual host level settings will NOT override server level settings.
Blocking/allowing an IP is determined by the combination of the Allowed List and the Denied List. If you want to block only certain IPs or sub-networks, put * or ALL in the Allowed List and list the blocked IPs or sub-networks in the Denied List. If you want to allow only certain IPs or sub-networks, put * or ALL in the Denied List and list the allowed IPs or sub-networks in the Allowed List. When an IP matches entries in both lists, the matching entry with the smallest scope (the most specific one) determines access.
Server Level: Trusted IPs or sub-networks must be specified in the Allowed List by adding a trailing "T". Trusted IPs or sub-networks are not affected by connection/throttling limits. Only server level access control can set up trusted IPs/sub-networks.
Tips
Security: Use this at the server level for general restrictions that apply to all virtual hosts.
Allowed List
Description
Specifies the list of IPs or sub-networks allowed. * or ALL are accepted.
Syntax
Comma delimited list of IP addresses or sub-networks. A trailing "T" can be used to indicate a trusted IP or sub-network, such as 192.168.1.*T.
Example
IPv6 addresses: ::1 or [::1]
IPv6 subnets: 3ffe:302:11:2:20f:1fff:fe29:717c/64 or [3ffe:302:11:2:20f:1fff:fe29:717c]/64
Tips
Security: Trusted IPs or sub-networks set at the server level access control will be excluded from connection/throttling limits.
Denied List
Description
Specifies the list of IPs or sub-networks disallowed.
Syntax
Comma delimited list of IP addresses or sub-networks. * or ALL are accepted.
Example
IPv6 addresses: ::1 or [::1]
IPv6 subnets: 3ffe:302:11:2:20f:1fff:fe29:717c/64 or [3ffe:302:11:2:20f:1fff:fe29:717c]/64
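The following is an added illustration of the access decision described above (the smallest-scope matching entry wins, a trailing "T" marks a trusted entry), written for this page; it is not the server's own implementation. It parses both lists in the syntax shown in the Allowed List and Denied List sections (comma-delimited entries, * or ALL, wildcard octets such as 192.168.1.*, CIDR prefixes, IPv6 with or without brackets). The sample lists and client addresses are constructed, and two behaviours the page does not specify are assumptions: an address matched by no entry is denied, and an allowed/denied tie at equal scope resolves to deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample lists (not taken from any real server), written in the
# syntax the page describes: comma-delimited entries, "*" or "ALL" as the
# catch-all, wildcard octets such as 192.168.1.*, CIDR prefixes, IPv6 with or
# without [brackets], and a trailing "T" marking a trusted entry.
ALLOWED = "*, 192.168.1.*T, [::1]T, 10.0.0.0/8"
DENIED = "10.1.2.3, 203.0.113.0/24, 10.1.0.0/16"


@dataclass(frozen=True)
class Rule:
    network: Optional[Network]  # None stands for "*" / "ALL"
    trusted: bool

    @property
    def scope(self) -> int:
        """Longer prefix = smaller scope; the catch-all ranks below everything."""
        return -1 if self.network is None else self.network.prefixlen

    def matches(self, addr) -> bool:
        if self.network is None:
            return True
        return addr.version == self.network.version and addr in self.network


def parse_rule(text: str) -> Rule:
    """Parse one list entry written in the page's syntax into a Rule."""
    entry = text.strip()
    trusted = False
    if entry.endswith("T"):  # trailing T marks a trusted IP or sub-network
        trusted, entry = True, entry[:-1]
    if entry in ("*", "ALL"):
        return Rule(None, trusted)
    entry = entry.replace("[", "").replace("]", "")  # accept [::1] and [addr]/64
    if "*" in entry:
        # IPv4 wildcard octets, e.g. 192.168.1.* -> 192.168.1.0/24
        octets = entry.split(".")
        fixed = [o for o in octets if o != "*"]
        if len(octets) != 4 or any(o != "*" for o in octets[len(fixed):]):
            raise ValueError(f"unsupported wildcard pattern: {text!r}")
        entry = ".".join(fixed + ["0"] * (4 - len(fixed))) + f"/{8 * len(fixed)}"
    return Rule(ipaddress.ip_network(entry, strict=False), trusted)


def parse_list(text: str) -> List[Rule]:
    return [parse_rule(e) for e in text.split(",") if e.strip()]


def check_access(client_ip: str, allowed: List[Rule], denied: List[Rule]) -> Tuple[bool, bool]:
    """Return (access_allowed, trusted) for client_ip.

    As the page states, the matching entry with the smallest scope decides.
    Assumptions not stated on the page: an address matched by no entry is
    denied, and an allowed/denied tie at equal scope resolves to deny.
    """
    addr = ipaddress.ip_address(client_ip.strip("[]"))
    best = None  # (scope, from_allowed_list, rule)
    for from_allowed, rules in ((True, allowed), (False, denied)):
        for rule in rules:
            if not rule.matches(addr):
                continue
            if best is None or rule.scope > best[0] or (rule.scope == best[0] and not from_allowed):
                best = (rule.scope, from_allowed, rule)
    if best is None:
        return False, False
    _, from_allowed, rule = best
    return from_allowed, from_allowed and rule.trusted


ALLOWED_RULES = parse_list(ALLOWED)
DENIED_RULES = parse_list(DENIED)

if __name__ == "__main__":
    for ip in ("192.168.1.20", "10.1.2.3", "10.2.0.1", "203.0.113.7", "::1"):
        print(ip, check_access(ip, ALLOWED_RULES, DENIED_RULES))
```

With the sample lists, 10.1.2.3 is denied even though 10.0.0.0/8 is allowed, because the /32 deny entry has the smaller scope; 192.168.1.20 is allowed and trusted; ::1 is matched by the trusted IPv6 entry and by nothing in the IPv4-only Denied List.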
Login Throttle
Description
Configure WebAdmin Console login throttling and retention for related login and audit records.
Enable Login Throttle
Description
Enables login throttling for the WebAdmin Console. When enabled, repeated failed login attempts are tracked and the offending client is temporarily blocked, which reduces the effectiveness of brute-force password attacks. If only this option is enabled and the other throttle settings are left unset, built-in defaults are used.
Syntax
Select from radio box
Tips
Security: Keep this enabled in production unless you are troubleshooting login issues. When enabled without custom values, the defaults are 5 failures, 900 seconds initial block, and 14400 seconds maximum block.
Max Login Failures
Description
Specifies how many consecutive failed login attempts are allowed before the client is blocked. Default value when not set: 5.
Syntax
Integer number
Tips
Security: Lower values increase protection but may block legitimate users more quickly.
Initial Block Duration (secs)
Description
Specifies the initial amount of time, in seconds, that a client is blocked after reaching the maximum allowed login failures. Default value when not set: 900 seconds.
Syntax
Integer number
Tips
Information: Use a duration long enough to discourage repeated attacks without causing excessive lockout time for valid users.
Maximum Block Duration (secs)
Description
Specifies the maximum block duration, in seconds, when repeated failed login attempts continue and the throttle backoff increases. Default value when not set: 14400 seconds.
Syntax
Integer number
Tips
Information: Set an upper bound that is strong enough to slow down automated attacks while still allowing recovery within a reasonable time.
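The following is an added illustration of how the three throttle settings above interact (Max Login Failures, Initial Block Duration and Maximum Block Duration, using the page's defaults of 5, 900 and 14400). It is not the console's own code. The page says only that the block duration increases while failures continue and is capped at the maximum; the doubling schedule used here, and keying the state by client address, are assumptions made for the illustration. The client address is constructed.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List

# Built-in defaults as stated on the page for a throttle enabled without custom values.
MAX_LOGIN_FAILURES = 5
INITIAL_BLOCK_SECS = 900
MAX_BLOCK_SECS = 14400


@dataclass
class ClientState:
    failures: int = 0           # consecutive failures since the last success or block
    blocks: int = 0             # how many blocks this client has earned so far
    blocked_until: float = 0.0  # clock value at which the current block expires


class LoginThrottle:
    """Tracks failed logins per client and blocks with an increasing duration.

    The doubling schedule and per-address keying are assumptions for this
    illustration; the page only states that the backoff grows up to the maximum.
    """

    def __init__(self, max_failures: int = MAX_LOGIN_FAILURES,
                 initial_block: int = INITIAL_BLOCK_SECS,
                 max_block: int = MAX_BLOCK_SECS,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.initial_block = initial_block
        self.max_block = max_block
        self.clock = clock
        self._clients: Dict[str, ClientState] = {}

    def block_duration(self, prior_blocks: int) -> int:
        """Length of the next block: 900, 1800, 3600, ... capped at max_block."""
        return min(self.initial_block * 2 ** prior_blocks, self.max_block)

    def is_blocked(self, client: str) -> bool:
        state = self._clients.get(client)
        return state is not None and self.clock() < state.blocked_until

    def record_failure(self, client: str) -> int:
        """Record one failed login attempt.

        Returns the block length in seconds if this failure triggered a block,
        otherwise 0 (either below the limit, or already blocked and rejected
        without being counted).
        """
        state = self._clients.setdefault(client, ClientState())
        if self.clock() < state.blocked_until:
            return 0
        state.failures += 1
        if state.failures < self.max_failures:
            return 0
        duration = self.block_duration(state.blocks)
        state.blocks += 1
        state.failures = 0
        state.blocked_until = self.clock() + duration
        return duration

    def record_success(self, client: str) -> None:
        """A successful login clears the client's failure history."""
        self._clients.pop(client, None)


class FakeClock:
    """Deterministic clock so the demo and tests do not have to wait."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def brute_force_demo(rounds: int = 6) -> List[int]:
    """Simulate a client that fails to the limit, waits out each block and
    tries again; returns the block length handed out in each round."""
    clock = FakeClock()
    throttle = LoginThrottle(clock=clock)
    client = "198.51.100.9"  # constructed sample client address
    durations = []
    for _ in range(rounds):
        duration = 0
        for _ in range(throttle.max_failures):
            duration = throttle.record_failure(client)
        durations.append(duration)
        clock.now += duration  # the block has just expired; the client continues
    return durations


if __name__ == "__main__":
    print(brute_force_demo())  # block lengths grow 900 -> 1800 -> ... -> 14400 cap
```

With the defaults, a persistent attacker gets 900, 1800, 3600, 7200 and then 14400 seconds per block, so after the fifth block every further five guesses cost four hours. Lowering Max Login Failures shortens the free window before the first block; raising Initial Block Duration or Maximum Block Duration lengthens the penalty, at the cost of longer lockouts for a legitimate user who mistypes a password.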
Login History Retention (days)
Description
Specifies how many days login history records are kept before old entries are removed. Default value when not set: 90 days.
Syntax
Integer number
Tips
Information: Keep enough history for auditing and troubleshooting, but avoid retaining more data than you actually need.
Activity Log Retained Files
Description
Specifies the maximum number of operation audit files to retain for the WebAdmin Console. Default value when not set: 30 files.
Syntax
Integer number
Tips
Information: Increase this value if you need a longer audit trail, but remember that more files will use more disk space.
WebAdmin User
Description
Change the username and password for the WebAdmin Console. The old password must be entered and verified in order to save changes.
User Name
Description
Specifies the WebAdmin Console login name. Use 1 to 25 characters: letters, digits, dot, underscore, or hyphen.
Old Password
Description
Enter the current password for this WebAdmin user. It is required before changes to the username or password can be saved.
New Password
Description
Enter the new password for this WebAdmin user. The password may contain any characters and is required when creating or updating a WebAdmin user.
Retype Password
Description
Enter the new password again. It must match New Password.
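The following is an added illustration of the validation the WebAdmin User form describes: the user name rule (1 to 25 characters from letters, digits, dot, underscore, hyphen), the requirement that the old password be verified before any change is saved, and the requirement that New Password and Retype Password match. It is not the console's own code. The page does not say how the console stores the password; the salted PBKDF2-HMAC-SHA256 record and the constant-time comparison below are assumptions for this illustration, and all sample values are constructed.

```python
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

# User name rule from the page: 1 to 25 characters drawn from letters, digits,
# dot, underscore and hyphen.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,25}")

# Storage format is not described on the page; a salted PBKDF2-HMAC-SHA256
# record (salt || digest) is assumed here for the illustration.
_SALT_LEN = 16
_ITERATIONS = 100_000


def valid_username(name: str) -> bool:
    """True when the name satisfies the 1-25 character rule from the page."""
    return USERNAME_RE.fullmatch(name) is not None


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Create a stored record for a password: random salt followed by the digest."""
    salt = os.urandom(_SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Check a candidate password against a stored record in constant time."""
    salt, digest = stored[:_SALT_LEN], stored[_SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def apply_user_change(stored: bytes, username: str, old_password: str,
                      new_password: str, retype_password: str) -> Tuple[bool, str, Optional[bytes]]:
    """Validate a WebAdmin User form submission.

    Returns (ok, message, new_record). The old password is verified first so
    that form-validation messages are only produced for an authenticated change.
    """
    if not verify_password(old_password, stored):
        return False, "old password is incorrect", None
    if not valid_username(username):
        return False, "user name must be 1-25 characters: letters, digits, '.', '_' or '-'", None
    if not new_password:
        return False, "new password is required", None
    if new_password != retype_password:
        return False, "retyped password does not match the new password", None
    return True, "ok", hash_password(new_password)


if __name__ == "__main__":
    record = hash_password("0ld-Secret")  # constructed sample password
    print(apply_user_change(record, "web.admin_1", "0ld-Secret", "N3w P@ss w0rd!", "N3w P@ss w0rd!")[:2])
    print(apply_user_change(record, "web.admin_1", "wrong", "x", "x")[:2])
```

Note that the new password is accepted with any characters, as the page states, while the user name is restricted to the listed character set and length; only a successful old-password check leads to a new stored record.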