To Edit the arm_security.config File and Enable the ARM Security Option - HP P4535A - Web Cache Server Appliance Administrator's Manual

HP cache server appliance administrator guide

Chapter 11
Security Options

To use the ARM security feature, you must do the following in the order listed:

- Edit the arm_security.config file to open specific ports and define the hosts that are allowed to communicate with the Traffic Server machine.
- Enable the ARM security option

IMPORTANT
By default, the arm_security.config file specifies that all ports on the Traffic Server machine are closed (including telnet) except port 8080, which remains open to allow Traffic Server to continue functioning normally. If you enable the ARM security option with the default arm_security.config file, you will be locked out of the system. Before you enable the ARM security option, ensure that you have either console access to the Traffic Server machine, or that you have added the appropriate rules to the arm_security.config file to allow telnet or ssh access for yourself.

To edit the arm_security.config file and enable the ARM security option:

1. Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods, on page 7.
2. Open the arm_security.config file located in Traffic Server's config directory with Vi.
3. Add open, allow, and deny rules to define which ports you want to remain open and which hosts are allowed to communicate with Traffic Server.

Each rule must have one of the following formats:

    open tcp|udp ports o_ports
    deny tcp|udp dport d_ports src src_IP_addresses
    allow tcp|udp dport d_ports src src_IP_addresses

where:

o_ports is the port, or series of ports separated by spaces, that you want to remain open.
d_ports is the destination port, or series of destination ports separated by spaces, through which TCP or UDP traffic should either be allowed or denied.
src_IP_addresses is the IP address or range of IP addresses specifying the source of the communication.

NOTE
If the Traffic Server machine is part of a cluster, ensure that port 90 is open for UDP traffic and include rules to allow communication from all other machines in the cluster. You may also want to open the NFS and DNS ports, if required.

The following example rules specify that ports 119, 23, and 554 are to remain open for TCP communication and that hosts 1.1.1.1 through 1.1.1.7 are allowed access to destination port 80. However, the host 11.11.11.11 is denied access to destination port 80.

    open tcp ports 119 23 554
    allow tcp dport 80 src 1.1.1.1-1.1.1.7
    deny tcp dport 80 src 11.11.11.11

For more information about the format of the arm_security.config file and additional options that can be used, refer to arm_security.config, on page 160.

4. Save and close the arm_security.config file.
5. Run the command traffic_line -x to apply the configuration changes.
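A pre-flight check for the lockout risk described in the IMPORTANT note, as an added example that is not part of the HP manual or of Traffic Server: it parses a draft rule set against the three rule formats above, reports lines that do not match, and tells you whether a given management host would still reach telnet (23) or ssh (22). The function names and the 192.0.2.x sample addresses are constructed for illustration. Two assumptions: text after '#' is a comment, and a matching deny rule is treated as winning over allow and open, because rule precedence is not stated here.

```python
import ipaddress

ANY_HOST = "0.0.0.0-255.255.255.255"  # an open rule applies to every source

def _span(spec):  # 'a' or 'a-b' -> (low, high); ValueError if malformed
    lo, _, hi = spec.partition("-")
    return ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)

def parse_rule(line):
    """Parse one rule in the page's open/allow/deny formats, else ValueError."""
    t = line.split()
    if len(t) >= 4 and t[0] == "open" and t[1] in ("tcp", "udp") and t[2] == "ports":
        return ("open", t[1], {int(p) for p in t[3:]}, _span(ANY_HOST))
    if (len(t) >= 6 and t[0] in ("allow", "deny") and t[1] in ("tcp", "udp")
            and t[2] == "dport" and t[-2] == "src"):
        return (t[0], t[1], {int(p) for p in t[3:-2]}, _span(t[-1]))
    raise ValueError("not an open/allow/deny rule")

def parse_config(text):
    """Return (rules, errors); errors holds (line_no, text) of rejected lines."""
    rules, errors = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if line:
            try:
                rules.append(parse_rule(line))
            except ValueError:
                errors.append((no, line))
    return rules, errors

def admin_access(rules, host, port, proto="tcp"):
    """'ok', 'denied' or 'closed'; assumption: a matching deny always wins."""
    h = ipaddress.ip_address(host)
    acts = {r[0] for r in rules
            if r[1] == proto and port in r[2] and r[3][0] <= h <= r[3][1]}
    return "denied" if "deny" in acts else "ok" if acts else "closed"

SAMPLE = """\
# constructed draft, not the appliance default; the last rule omits "src"
open tcp ports 119 554
open udp ports 90
allow tcp dport 23 src 192.0.2.10-192.0.2.12
deny tcp dport 23 src 192.0.2.11
deny tcp dport 80 192.0.2.44
"""

if __name__ == "__main__":
    rules, errors = parse_config(SAMPLE)
    print(errors, [admin_access(rules, "192.0.2.10", p) for p in (23, 22)])
```

Run it against the draft file before step 5: any result other than "ok" for your own address on the port you use to log in means console access is needed first.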


This manual is also suitable for:

P4535a
