Use of this document and web site are governed by the Terms and Conditions of Use for InfoExpress's web site.SummaryA Remediation Server is used to host patches, updates and often the CyberGatekeeper agent, so that users can quickly and easily download the files needed to pass audit and remain in compliance with network policy. This technote describes how to configure a web server so that it can successfully be used as a CyberGatekeeper Remediation Server.
Initial Steps- Create a file called cybergatekeeper.html on the web server, and place it in the web root. This file will be displayed to users who are redirected to the web site because they have either failed audit, or do not have an agent installed. We recommend that the file include a message describing why the user is seeing this page, as well as links to download the CyberGatekeeper agent.
Server specific instructions are included below:
Internet Information Server (IIS)- Add cybergatekeeper.html to Web Site Properties -> Documents as the Default Document.
- Configure cybergatekeeper.html to be shown whenever pages are not found on the web server. This will show cybergatekeeper.html when web pages are requested from unaudited systems or systems that have failed the audit:
Web Site Properties ->
Custom Errors -> Select
404 ->
Edit Properties and browse to cybergatekeeper.html
- Set cybergatekeeper.html Properties:
File Security -> select
Anonymous Access (Need to enable
Anonymous Access)
Apache- Make cybergatekeeper.html the default document by replacing the following line in httpd.conf:
DirectoryIndex index.html index.html.var with this:
DirectoryIndex cybergatekeeper.html index.html index.html.var- Configure cybergatekeeper.html to be shown whenever pages are not found on the web server. This will show cybergatekeeper.html when web pages are requested from unaudited systems or systems that have failed the audit. This is done by replacing the following line in httpd.conf:
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var With this:
ErrorDocument 404 /cybergatekeeper.html- If you use virtual hosts, you should either set the default vhost to serve up cybergatekeeper.html, or have Apache listen on a different, dedicated port for this purpose.
Final Steps- Configure a redirect rule on the CyberGatekeeper Server to redirect all unaudited systems to the web server which will display the cybergatekeeper.html page when the URL is not found. This is done by redirecting all traffic sent on port 80 to your internal network to a the remediation server.
- If you wish to use the Remediation Server as a regular web server as well, you should not use port 80. Instead, create another web site on a different port (e.g. "Listen 8080") that is configured as above. Then use the redirection filters on CyberGatekeeper Server to point to the web site and to the selected port. This will let you use the web server for other purposes as well. Note that this is not an option for DNAC/DNS redirection, as the port remains the same.
- It's important to note that redirection happens at layer 2, so URLs are not rewritten. That means if a user browses to /sales/info/index.php they will be redirected to that URL on your remediation server. Please ensure that your remediaiton page does not use relative URLs as these will not work for all redirected URLs. Absolute URLs (full image and link paths) are required.
Related TechnotesUse of this document and web site are governed by the Terms and Conditions of Use for InfoExpress's web site.
