<<Previous: Require HTTPS for Direct | ↑Up: System Wide Settings | Next>>: Admin Access IPs |
Set this option to Y
so that proxy-forwarded access to the
admin interface is only permitted via HTTPS and not HTTP. Forwarded
connections are those hop(s) in the connection chain that are
forwarded from the client to a proxy (that then accesses the Parametric Search Appliance
directly); for control of direct connections to the Parametric Search Appliance admin
(or the direct last-hop from a proxy to the Parametric Search Appliance), see
Require HTTPS for Direct Admin.
Forwarded connections are checked by examining the
X-Forward-Proto header value of connections to the admin interface:
if all tokens are https
, the forwarded connection is considered
secure/HTTPS, otherwise insecure/HTTP. If no X-Forwarded-Proto
header is present, the connection is not considered forwarded and this
setting does not apply. Note that for this setting to be effective,
the network must be secured such that all devices with direct
access to the Parametric Search Appliance can be trusted to set (or clear) the
X-Forwarded-Proto header properly, as the header is easily
forged.
For safety, Require HTTPS for Proxy Admin cannot be enabled if you're currently accessing the Parametric Search Appliance via an insecure proxies.
If you have set this option Y
and accidentally configure it
such that you can not access the Parametric Search Appliance, you can re-enable HTTP
admin by going to the physical console of the Parametric Search Appliance and selecting
the drop Admin restrictions (HTTPS,IP,Cipher requirements)
option.
<<Previous: Require HTTPS for Direct | ↑Up: System Wide Settings | Next>>: Admin Access IPs |