Penetration testing has come up with the recommendation to remove the internal hostname of the Commserve node from the metadata of the Command Centre web site. Viewing the source of the page, there is the cvApp={} definition (~5000 characters) and within that, the definition:
Where node01.domain is the internal FQDN of the active CS server. Is there a way of suppressing this string? There is no similar reference when using the WebConsole.
We have a separate proxy server sitting in the DMZ that external users connect to (MSP environment) that hosts the web console, with the web server on the Commserve.
Best answer by Stuart Painter
Hi Mike
Just to follow up here, the item referenced, CommcellConsoleUrl, is actually configurable via an additional setting. So if you prefer to replace the internal FQDN with the public facing FQDN that may also help with your security audit concern.
I’m guessing http:81 won’t be permitted through a firewall, but console is also addressable via Tomcat Web Console service on https://webconsole_fqdn/console so these resources will be presented on a consistent URL.
If any of your internal users access the Java console using the internal web URL, you will need to ensure the public FQDN is resolvable internally.
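Added example, not from this thread or from Commvault: a small Python check an auditor can run against saved page source to confirm that CommcellConsoleUrl no longer carries the internal FQDN once the additional setting has been changed. The cvApp fragments, the hostnames and the public-host allowlist below are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample page fragments, not captured from a real Command Center.
# The "internal" one mirrors the thread: an internal FQDN on plain http port 81.
PAGE_INTERNAL = ('<script>var cvApp={"appName":"Command Center",'
                 '"CommcellConsoleUrl":"http://node01.domain:81/console/",'
                 '"locale":"en"};</script>')
PAGE_PUBLIC = ('<script>var cvApp={"appName":"Command Center",'
               '"CommcellConsoleUrl":"https://webconsole.example.com/console",'
               '"locale":"en"};</script>')

# The cvApp blob is large and may nest braces, so match the key directly
# rather than trying to parse the whole object.
KEY_RE = re.compile(r'"CommcellConsoleUrl"\s*:\s*"([^"]*)"')


def extract_console_url(html):
    """Return the CommcellConsoleUrl value from the cvApp definition, or None."""
    m = KEY_RE.search(html)
    return m.group(1) if m else None


def audit_console_url(html, public_hosts):
    """Audit saved page source. Returns a list of findings; an empty list means
    the console link only exposes a public-facing hostname over https."""
    url = extract_console_url(html)
    if url is None:
        return ["CommcellConsoleUrl not present in page source"]
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    findings = []
    if host not in {h.lower() for h in public_hosts}:
        findings.append(f"console URL exposes non-public hostname: {host}")
    if parsed.scheme != "https":
        findings.append(f"console URL is not https: {parsed.scheme}")
    if parsed.port not in (None, 443):
        findings.append(f"console URL uses non-standard port: {parsed.port}")
    return findings


if __name__ == "__main__":
    allowed = {"webconsole.example.com"}  # hypothetical public FQDN
    for label, page in (("internal", PAGE_INTERNAL), ("public", PAGE_PUBLIC)):
        print(label, audit_console_url(page, allowed) or "OK")
```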
The URL you are seeing points to a defined link that opens the CommCell Console. Removing this information would potentially break other portions of the console.
In and of itself, the information doesn’t help without login credentials.
Let me know if that explains why it is showing up and if you have any further questions.
Thanks Mike, that’s enough to go back to the auditors with.
Great! @Stuart Painter has some extra info that might assuage their concerns a bit more as well (and I made that the Best Answer as well for posterity).