Disable HTTP Admin Console Access

Openfire Openfire Support
1

I just recently got everything set up. One question I have is how do I disable access to the http admin console on port 9090? I tried deleting the server property, and entering a blank value for the property. Does not seem to work. Thanks in advance for your help.

2

Why do you have to disable it? This is the only way to manage server. If you want to restrict acces from other machines use firewall. In my case (linux + iptables) im restricting by IP and MAC of my machine. I’'m also using HTTPS on port 9091. if you are such paranoic you may like it:)

3

I actually think it’‘s a reasonable request. I just changed the code so that you can disable either port by setting the value to -1. If you disable both ports, you won’'t be able to access the admin console. This is filed as JM-209.

Regards,

Matt

4

and how one can access admin page after this? Maybe change something in conf.xml?

5

and how one can access admin page after this? Maybe

change something in conf.xml?

Right, if you set both the normal port and secure port to -1 in the XML file, you can’‘t access the admin console at all. If you change either value to a real port number, you’'ll be able to access the admin console again.

-Matt

6

Thanks, Matt! I prefer to have all admin access via encrypted channels. How do I incorporate the modification for a Windows install? Did you release a new binary or will I have to compile on the Windows box?

7

Rich,

You have a few options for getting the change:

  1. Wait for the next release (2.1.3)

  2. Copy the JAR files (lib directory) from the latest nightly build over your existing JAR files.

Regards,

Matt

8

Could the same setting be used to disable the non-SSL server port (5222)? This would force encrypted only access to the server.

9

Disabling non-ssl connections for XMPP has been discussed a few times before. Please see:

http://www.jivesoftware.org/forums/thread.jspa?threadID=13871

-Matt

10

I changed the plain admin console setting to -1 as you instructed (after copying the new .jar files). This is what I get in the log:

2005.03.14 11:21:36 [org.jivesoftware.messenger.container.AdminConsolePlugin.initializePlugin(Admin ConsolePlugin.java:139)

] Trouble initializing admin console

org.mortbay.util.MultiException[java.lang.IllegalArgumentException: Port value out of range: -1]

at org.mortbay.http.HttpServer.doStart(HttpServer.java:673)

at org.mortbay.util.Container.start(Container.java:72)

at org.jivesoftware.messenger.container.AdminConsolePlugin.initializePlugin(AdminC onsolePlugin.java:122)

at org.jivesoftware.messenger.container.PluginManager.loadPlugin(PluginManager.jav a:191)

at org.jivesoftware.messenger.container.PluginManager.access$300(PluginManager.jav a:69)

at org.jivesoftware.messenger.container.PluginManager$PluginMonitor.run(PluginMana ger.java:420)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)

at java.util.concurrent.FutureTask.runAndReset(Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101 (Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodi c(Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknow n Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

java.lang.IllegalArgumentException: Port value out of range: -1

at java.net.ServerSocket.(Unknown Source)

at org.mortbay.util.ThreadedServer.newServerSocket(ThreadedServer.java:394)

at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:466)

at org.mortbay.util.ThreadedServer.start(ThreadedServer.java:495)

at org.mortbay.http.SocketListener.start(SocketListener.java:203)

at org.mortbay.http.HttpServer.doStart(HttpServer.java:703)

at org.mortbay.util.Container.start(Container.java:72)

at org.jivesoftware.messenger.container.AdminConsolePlugin.initializePlugin(AdminC onsolePlugin.java:122)

at org.jivesoftware.messenger.container.PluginManager.loadPlugin(PluginManager.jav a:191)

at org.jivesoftware.messenger.container.PluginManager.access$300(PluginManager.jav a:69)

at org.jivesoftware.messenger.container.PluginManager$PluginMonitor.run(PluginMana ger.java:420)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)

at java.util.concurrent.FutureTask.runAndReset(Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101 (Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodi c(Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknow n Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

11

Urg, I forgot to mention that daily builds seem to have been broken since the 7th. We’'re trying to figure that out today. When you download the next nightly build, make sure the date is on or after the 14th.

-Matt