Restricting access to the Admin WebConsole of WebAccess 2012
With the new WebAccess 2012 web application, the console is now a WebConsole that can be accessed by the URL http://<server>/gw/webacc?action=Admin.Open
I search the KB, the documentation and now this forum, looking for a way to restrict access to my precious WebAccess Console. No luck! (Only one thread ask for a similar solution “restrict admin tool based on ip”… with no solution provided so far)
Humm… So we are only 2 guys in the Groupwise community concern with security in those days? No engineer at Novell ask himself if exposing an Admin console to the Whole Internet is a good idea?
Furthermore, login (successes and failures) to the Webconsole are not written to log files. So I cannot even monitor if my WebConsole is under a brute force attack!
Here some technical information to consider:
1) I have Groupwise 2012 SP2 running under Windows 2008 R2
2) Since the Admin Webconsole is hosted under the same web site as WebAccess, I cannot restrict access to the URL http://<server>/gw/webacc?action=Admin.Open without blocking at the same time access to WebAccess using firewall or IIS rule.
3) I do not want to use IPS to restrict access to this URL
Tags for this Thread