Security

Reply
MVP

Limit guests from accessing /tips

Hi Guys,

 

Since guests need https access to clearpass nothing is currently stopping them from removing the path from any url (keeping only https://domain.tld/) which gets them automatically redirected to the /tips admin logon prompt.

Is there any way to limit who may access that /tips path whether by blocking access altogether or simply ignoring authentication requests?

 

I found in "Monitoring - Eventviewer" that those CPPM sees the client ip address the user has when logging on so I figured I'd change the  "Copy_of_[Policy Manager Admin Network Login Service]" to have its service include a  "Connection - Client-IP-Address" with a simple "equals - ip address" (for testing), but this still allows any and all ip addresses to logon.

 

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba

Re: Limit guests from accessing /tips

You can limit access in the server settings.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP

Re: Limit guests from accessing /tips

So simple ... :smileyembarrassed:

Thank you.

 

And to make sure nobody else misses the attached image from your post:

cppm_access

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Super Contributor II

Re: Limit guests from accessing /tips

I had made a feature request for this a few months back

https://community.arubanetworks.com/t5/Technology/CPPM-limit-access-of-tips-to-Management-IP-only/idi-p/70840

 

This is great I didn't realize it had been implemented!

 

Thanks Aruba and @koenv

Occasional Contributor II

Re: Limit guests from accessing /tips

Thank you

 

Dusan

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: