Technical Note: Secure ShelfManager HTTP access with a password

Sabk_FTNT · ‎06-23-2017

Description

This article explains how to set a username and password to secure HTTP access to the chassis ShelfManager.

Scope

It applies to FortiGate 5000 chassis series.

The process provided has been validated with Pigeon Point Shelf Manager version 3.4.2.4. It might vary slightly with other versions.

Solution

1) Connect to the ShelfManager via telnet or SSH.

2) Go to directory /etc and create a file httpd.conf with username and password.

Use VI as text editor.
cd /etc
vi httpd.conf

Add a single line to the file.
/:Username:mypassword

3) Kill the current running httpd process and restart with the password file. Use the "ps" command to list the process ID and then use the kill command.

kill -9 <httpd pid>

Restart http deamon with
/bin/httpd -h /usr/httpd/html -r httpd.conf

4) Clear browser cache and validate correct authentication prompt for HTTP access to the ShelfManager.

5) At this stage the Shelf manager is protected by a password for HTTP access but the settings are not saved. After a reboot, access to the shelf manager via HTTP will again be possible without password.

After correct validation at step 4, adjust the boot file for HTTP access secured also after ShelfManager reboot.

This is achieved by modification of the file rc.common in the directory /etc.

Edit the rc.common file. Find the line "daemon -f /bin/httpd -h /usr/httpd/html" and replace it with "daemon -f /bin/httpd -h /usr/httpd/html -r /etc/httpd.conf"

Save file changes.

6) Reboot ShelfManager and validate correct prompt for login for HTTP access.

# reboot

Related Articles

Technical Note : How to disable Network Services on ShelfManager v2.5.3 and v2.6.4.4