To restrict access to ZENworks Control Center from a subnet or an IP address range, perform the following steps:
Stop the ZENserver and ZENloader services.
In the %zenworks_home%/share/tomcat/webapps/zenworks directory, create a folder named META-INF.
Create a file named context.xml and add it to the META-INF folder. The context.xml file should include the following content, with the IP address series to which you want to provide or deny access:
<?xml version='1.0' encoding='utf-8'?> <Context> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="<IP Address Series 1>.*, <IP Address Series 2>.*,.......<IP Address Series n>.*"/> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="<IP Address Series 1>.*, <IP Address Series 2>.*,........<IP Address Series n>.*"/> </Context>
Based on whether you want to provide or deny access, make the relevant edits to the context.xml file:
To allow only a certain series of IP addresses, configure the following line to include the relevant IP address series. For example:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"allow="164.99.96.*, 164.99.125.*"/>
To deny a certain series of IP addresses, configure the following line to include the relevant IP address series. For example:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"deny="164.99.138.*,164.99.95.*"/>
If the allow attribute is configured, all other IP address ranges are denied by default and vice versa.
Delete the %zenworks_home%/share/tomcat/work folder.
Start the ZENserver and ZENloader services.
If you want to make changes to the IP address range (allow or deny attribute value), repeat Step 1, delete the %zenworks_home%/share/tomcat/conf/Catalina/localhost/zenworks.xml file, update the IP changes in the context.xml file, and then repeat Step 6.
NOTE:Remember to backup the META-INF folder before you perform a system update. This enables you to re-create this folder if it is deleted after a system update.