Cisco Headend Digital Broadband Delivery System
Chapter 7 DNCS Web Services Security
76
4034689 Rev A
Enable HTTPS Access and Installing Certificates
Allowing HTTPS Access to the BOSS Web Service
Complete the following procedure to allow a specific billing system to have HTTPS
access to the BOSS Web Service.
access to the BOSS Web Service.
Note: Only an “Allow from” state is required for HTTPS access to the BOSS Web
Service. Both an “Allow from” statement and a REMOTE_ADDR definition are
required for HTTPS access to the BOSS Web Service. The REMOTE_ADDR statement
is added later in this document.
1 Open an xterm window on the DNCS.
2
Service. Both an “Allow from” statement and a REMOTE_ADDR definition are
required for HTTPS access to the BOSS Web Service. The REMOTE_ADDR statement
is added later in this document.
1 Open an xterm window on the DNCS.
2
Log into the system as root:
a At the prompt, type
a At the prompt, type
su -
and press Enter.
b Type the root password and press Enter.
3 Open the /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf file using a text
editor.
4 Add the following line to the end of the "Allow from" list:
Allow from [billing server IP]
Notes:
Replace [billing server IP] with the IP address or hostname of the billing
system.
system.
If a hostname is used, the hostname and IP address must be defined in the
/etc/hosts file.
/etc/hosts file.
An entire subnet can be allowed using slash notation.
Example: The “Allow from” list should look similar to the following example:
Order Allow,Deny
Allow from localhost
Allow from dncs dncs
Allow from dncsws
Allow from 172.16.20.1
Allow from 172.10.1.0/24
5 Add the following line after the "SSLRequire" line.
%{REMOTE_ADDR} eq "[billing server IP]" or \
Notes:
Replace [billing server IP] with the IP address or hostname of the billing
system.
system.
A hostname cannot be used in place of an IP address.