Geneos ["Geneos"]
["Geneos > Netprobe"]["User Guide"]

Restrict HTTP hosts

Overview

It is possible to configure a Netprobe to only accept HTTP connections from a nominated 'trusted' list of HTTP hosts.

Trusted HTTP hosts

You can nominate a list of trusted HTTP hosts by setting the TRUSTED_HTTP_HOSTS variable, either in the Windows registry, or as an environment variable on Linux and other platforms. The variable should be set to the names of the trusted hosts, separated by commas. For more information, see Setting variables for Netprobe on Windows platforms in Netprobe variables.

TRUSTED_HTTP_HOSTS may contain a host alias as defined in /etc/hosts file. If TRUSTED_HTTP_HOSTS is set to +, then any HTTP host is trusted—this is equivalent to not setting the TRUSTED_HTTP_HOSTS variable.

Non-trusted hosts attempting to connect via HTTP will cause a warning message to be logged on the Netprobe and to all connected Gateway and Active Console Event Tickers.

Trusted debug hosts

You can nominate a list of HTTP hosts for debugging purposes. This is done by setting the TRUSTED_DEBUG_HOSTS variable, either in the Windows registry, or as an environment variable on Linux and other platforms. The variable should be set to the names of the trusted hosts, separated by commas. For more information, see Setting variables for Netprobe on Windows platforms in Netprobe variables.

TRUSTED_DEBUG_HOSTS may contain a host alias as defined in /etc/hosts file. If TRUSTED_DEBUG_HOSTS is set to +, then any HTTP host is trusted. By default, the trusted debug host is 127.0.0.1. This applies even if TRUSTED_DEBUG_HOSTS is not set.

Non-trusted hosts attempting to connect via HTTP will cause a warning message to be logged on the Netprobe. For example:

WARN: ORB Non-trusted host itrslp003 rejected. Trusting only (127.0.0.1) for HTTP Debug components.