Restricting access to the View Admin Console

I received an email from a colleague asking if it was possible to restrict access to the View Admin console (https://<viewserver>/admin) to specific IP addresses. It was not something I’d come across but was an interesting requirement. I knew that it runs on tomcat so a quick bit of searching and I found the answer.

Firstly we need the web.xml file for the admin console which is located at (by default):

C:\Program Files\VMware\VMware View\Server\broker\webapps\admin\WEB-INF\web.xml

Now we need to insert the filter for the IP Addresses. I inserted it at the end of the existing filters, which was just above the   <!– MessageBroker Servlet –> line.

<filter-name>Remote Address Filter</filter-name>
<filter-name>Remote Address Filter</filter-name>

The <param-value>10\.0\.0\.21</param-value> is where we define addresses and we include multiple addresses or wild cards, for example <param-value>10\.0\.0\.21|10\.0\.0\.22</param-value>

In the above example not even the localhost would be able to access the admin console. More details for people far more experienced than myself with tomcat can be found here:

Again this is unsupported, but that’s never stopped people in the past!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s