Search Appliance SBE
Set this option to Y
so that proxy-forwarded access to the
admin interface is only permitted via HTTPS and not HTTP. Forwarded
connections are those hop(s) in the connection chain that are
forwarded from the client to a proxy (that then accesses the Search Appliance
directly); for control of direct connections to the Search Appliance admin
(or the direct last-hop from a proxy to the Search Appliance), see
Require HTTPS for Direct Admin.
Forwarded connections are checked by examining the X-Forward-Proto header value of connections to the admin interface:
if all tokens are https
, the forwarded connection is considered
secure/HTTPS, otherwise insecure/HTTP. If no X-Forwarded-Proto
header is present, the connection is not considered forwarded and this
setting does not apply. Note that for this setting to be effective,
the network must be secured such that all devices with direct
access to the Search Appliance can be trusted to set (or clear) the
X-Forwarded-Proto header properly, as the header is easily
forged.
For safety, Require HTTPS for Proxy Admin cannot be enabled if you're currently accessing the Search Appliance via an insecure proxies.
If you have set this option Y
and accidentally configure it
such that you can not access the Search Appliance, you can re-enable HTTP
admin by going to the physical console of the Search Appliance and selecting
the drop Admin restrictions (HTTPS,IP,Cipher requirements)
option.