Management portal settings, User’s guide – version 3.5 netflow tracker 63 – Fluke Computer Accessories User Manual
Page 63
User’s Guide – version 3.5
NetFlow Tracker
63
You can use your own html page if you wish by putting it in the “customweb” folder
under the NetFlow Tracker install folder; it is then available from the NetFlow Tracker
server as, for example, http://server/customweb/file.html, so the homepage would
be simply customweb/file.html.
Management Portal Settings
NetFlow Tracker allows a management portal to offer interactive NetFlow Tracker
reports with device or interface level access control to multiple users, so long as the
portal’s HTTP proxy server can conceal the initial URL sent to NetFlow Tracker, and
can direct subsequent HTTP requests from the user interacting with the page to the
correct NetFlow Tracker server, It is possible to use an Apache web server as a proxy
if the management portal does not contain one or it is not sufficiently programmable.
Note that it is essential that NetFlow Tracker is
to prevent the
system from being bypassed.
In order to set up portal access control you must first configure one or more secure
secret values in NetFlow Tracker using the Management Portal Settings page. Each
secret value has a tag that is simply used to identify it if you need to change or delete
it. To add a new secret value enter a tag and the secret value twice and click “Add”. To
remove a secret value, tick the box above the “Delete” button corresponding to it and
click “Delete”.
Access control works as follows:
1. A user’s web browser requests a URL from the portal’s proxy server (probably
as a result of an IFRAME in a portal page) that identifies a particular NetFlow
Trracker report, e.g.:
http://<proxy>/tracker1/report1
2. The portal’s proxy server sends a request to the correct Tracker server that
selects the correct report and contains one of the configured secret values and
some
describing what the user can access:
http://<tracker1>/report.jsp?portalsecret=<secret>&aclif=...
3. NetFlow Tracker creates a session for the portal and logs it in. This session is
restricted so that any request that does not contain an access list identifier
(see below) is rejected.
4. The report generated by NetFlow Tracker ensures that any interaction such as
clicking a link results in a request containing a securely-generated access list
identifier:
http://<proxy>/tracker1/report.jsp?portalacl=...
5. The portal’s proxy server sends the request, unaltered, to the correct NetFlow
Tracker server:
http://<tracker1>/report.jsp?portalacl=...