Logo

Parametric Search Appliance

This is custom script. Do not install updates.

 

Thunderstone Search Appliance Manual

<<Previous: Require HTTPS for Direct ↑Up: System Wide Settings Next>>: Admin Access IPs

Require HTTPS for Proxy Admin

Set this option to Y so that proxy-forwarded access to the admin interface is only permitted via HTTPS and not HTTP. Forwarded connections are those hop(s) in the connection chain that are forwarded from the client to a proxy (that then accesses the Parametric Search Appliance directly); for control of direct connections to the Parametric Search Appliance admin (or the direct last-hop from a proxy to the Parametric Search Appliance), see Require HTTPS for Direct Admin.

Forwarded connections are checked by examining the X-Forward-Proto header value of connections to the admin interface: if all tokens are https, the forwarded connection is considered secure/HTTPS, otherwise insecure/HTTP. If no X-Forwarded-Proto header is present, the connection is not considered forwarded and this setting does not apply. Note that for this setting to be effective, the network must be secured such that all devices with direct access to the Parametric Search Appliance can be trusted to set (or clear) the X-Forwarded-Proto header properly, as the header is easily forged.

For safety, Require HTTPS for Proxy Admin cannot be enabled if you're currently accessing the Parametric Search Appliance via an insecure proxies.

If you have set this option Y and accidentally configure it such that you can not access the Parametric Search Appliance, you can re-enable HTTP admin by going to the physical console of the Parametric Search Appliance and selecting the drop Admin restrictions (HTTPS,IP,Cipher requirements) option.


Copyright © Thunderstone Software     Last updated: Jul 28 2017

<<Previous: Require HTTPS for Direct ↑Up: System Wide Settings Next>>: Admin Access IPs
Page generated in 0.08 seconds.
2024-11-23 18:46:36 EST