My cyber insurance company has flagged the fact that the login portal is publicly accessible. My current firewall does not allow for specific path blocking, is there a way within SimpleHelp server to turn off access to that page?
If you have Allow mobile Technician access disabled in Administration; Server Features, then that login page is non-functional (though it’ll still be available to scanners which can’t tell the difference). This means no Technicians will be able to log in from devices using the web interface, so it’s fine if you’re only using the Technician Console.
You can also do the following:
-
Go to your SimpleHelp server installation directory
-
Edit the file …/DEPLOY/html/webapps/login/login.html
-
Change the contents to:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="refresh" content="0; url=/">
<title>Redirecting...</title>
<script>
window.location.replace("/");
</script>
</head>
<body>
<p>Redirecting...</p>
</body>
</html>
Note: If you update to a later release, you’ll need to do this again, since the data in DEPLOY is not intended to be retained across updates. You can however copy the edited file across to the corresponding folder in …/SimpleHelp/configuration/ as described in the Branding Guide to make the changes persistent across updates.
We’re including a button to do this from the server settings in an upcoming build.