Wireless Access

Reply
Occasional Contributor I

how can i update my httpd.conf file on aruba controller

how can i update my httpd.conf file on aruba controller

 

httpd.conf

Re: how can i update my httpd.conf file on aruba controller

What would be the use case?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor I

Re: how can i update my httpd.conf file on aruba controller

i modify httpd.conf on a aruba controller

why not save

 

Moderator

Re: how can i update my httpd.conf file on aruba controller

it cannot be done as the httpd.conf is deliberately overwritten by the software to prevent modifications.

Occasional Contributor I

Re: how can i update my httpd.conf file on aruba controller

Scenario of use case for my situation is to resolve vulnerabilities detected by Rapid7 with regard to "Apache Server mod_info is Publicly Accessible".  Specific tip is provided to resolve this:

 

 

The configuration file for apache (httpd.conf), reads:

      <Location /server-info>
      SetHandler server-info
      </Location>

To remove the feature from Apache, rewrite this to:

      # comment everything out
      #<Location /server-info>
      #  SetHandler server-info
      #</Location>

To keep the feature, adding access control, rewrite it to:

      # add access control
      <Location/server-info>
      SetHandler server-info

      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
      </Location> 

Re: how can i update my httpd.conf file on aruba controller

The httpd.conf files is not configurable on the controller. Please open a TAC case with the details and copies of your findings so that our security team can review. Chances are it's not a true vulnerability, but they can read through the details from your scanner and fill you in on the details.

Jerrod Howard
Sr. Techical Marketing Engineer
Moderator

Re: how can i update my httpd.conf file on aruba controller

The mod_info module is not present in the Apache binary in ArubaOS.  I think your Rapid7 scanner is broken...

 

Are you sure it's not being confused by a captive portal redirect?

---
Jon Green, ACMX, CISSP
Security Guy
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: