APC UPS Data Center & Enterprise Solutions Forum
Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.
Posted: 2021-06-30 01:34 AM . Last Modified: 2024-03-11 12:59 AM
Hi, we have an AP9631 NMC. It was scanned by our network security software and found to have vulnerabilities with web files. Is there any way to restrict access to scripts/mailtoform.html? If not, can it be disabled?
Thanks in advance!
Posted: 2021-06-30 01:34 AM . Last Modified: 2024-03-11 12:59 AM
Hi,
> Hi, we have an AP9631 NMC. It was scanned by our network security software and found to have vulnerabilities with web files.
Usually such scanners indicate potential vulnerabilities based on evidence from the scan.
> Is there any way to restrict access to scripts/mailtoform.html? If not, can it be disabled?
The NMC doesn't have such a page, but I notice that the web server returns a "protected object" page for any URL under scripts/. That might have tripped up the scan which is looking for the existence of a specific script it knows is vulnerable. In this case, the script doesn't actually exist but the scan thinks it does.
I'm not sure how much I can say about the next release of the NMC firmware, but you'll have plenty of capability to limit access to the device.
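The false-positive mechanism described in the reply above can be checked by requesting the flagged path alongside random sibling paths that cannot exist and comparing the answers. This is an added example, not part of the original thread or any APC tooling; `classify_finding`, the two stub devices, their status codes and HTML, and the host `ups.example` are constructed for illustration.

```python
import difflib
import secrets
import urllib.error
import urllib.request


def http_fetch(url, timeout=5):
    """GET a URL and return (status, body), keeping error statuses."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify_finding(base_url, flagged_path, fetch=http_fetch,
                     controls=3, threshold=0.9):
    """Compare the flagged path with random sibling paths that cannot exist."""
    directory, _, _ = flagged_path.rpartition("/")
    status, body = fetch(f"{base_url}/{flagged_path}")
    same = 0
    for _ in range(controls):
        name = secrets.token_hex(8) + ".html"
        control = f"{directory}/{name}" if directory else name
        c_status, c_body = fetch(f"{base_url}/{control}")
        # Similarity, not equality: catch-all pages may echo the requested path.
        ratio = difflib.SequenceMatcher(None, body, c_body, autojunk=False).ratio()
        if c_status == status and ratio >= threshold:
            same += 1
    if same == controls:
        return "catch-all"      # every path answers alike: existence not shown
    if same == 0:
        return "distinct"       # flagged path is served differently: investigate
    return "inconclusive"


# Constructed stand-ins for two devices; status codes and HTML are assumptions,
# not captured from an NMC.
PROTECTED = "<html><body><h1>Protected Object</h1></body></html>"

def catch_all_device(url):
    return (403, PROTECTED) if "/scripts/" in url else (404, "Not Found")

def device_with_script(url):
    if url.endswith("/scripts/mailtoform.html"):
        return 200, "<form action='mailto'>...</form>"
    return 404, "Not Found"


if __name__ == "__main__":
    for device in (catch_all_device, device_with_script):
        print(device.__name__, classify_finding(
            "http://ups.example", "scripts/mailtoform.html", fetch=device))
```

A "catch-all" result means the response alone does not show that the flagged file exists, which is the evidence to attach when disputing the scanner finding.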
Posted: 2021-06-30 01:34 AM . Last Modified: 2024-03-11 12:59 AM
Thanks voidstar!
What about disabling the web access altogether? So, nobody will be able to access the web interface at all.
Again, thanks.
Posted: 2021-06-30 01:34 AM . Last Modified: 2024-03-11 12:59 AM
First question is answered. Not sure if I am doing this right. See my last post. Wondering if I can disable web access altogether.
Thanks!
Message was edited by: jschoen
Posted: 2021-06-30 01:34 AM . Last Modified: 2024-03-11 12:59 AM
> Thanks voidstar!
> What about disabling the web access altogether? So, nobody will be able to access the web interface at all.
On the web interface under networking, there's a section to disable the web server. You can also change the port so that the scan may not find it. If you need to re-enable the web server at a later time, you can use the "web" command through telnet, ssh, or the card's rs232 configuration port. You can also enable/disable or configure the web interface by FTPing in an appropriate .ini file, which is nice for configuring multiple devices.
That said, I hope you can explain to the right people that the scan didn't find an actual vulnerability.
Best of luck!
Posted: 2021-06-30 01:34 AM . Last Modified: 2024-03-11 12:59 AM
Thanks a lot voidstar! I really appreciate your help.