Is there a setting to merge.cpf so the management portal is not accessible?
Hi folks!
Is there an easy setting, e.g., to merge.cpf so that it will disable the management portal on a deployed IRIS container?
The idea is to let only one of my particular web apps be available and everything else not even accessible on IRIS.
Comments
To disable the Management Portal on a deployed InterSystems IRIS container, you can add a specific configuration in the merge.cpf file. Set the internal web server port to 0, which effectively disables the Management Portal:
[Startup]
WebServerPort=0
By setting WebServerPort to 0 in the CPF file, the internal web server is effectively disabled, making the Management Portal inaccessible. This change is typically included in a configuration file (merge.cpf) when setting up IRIS instances 1.
Sources:
WebServerPort=0 only stops internal apache which has been removed many years ago. It does not affect an external webserver.
Change it in CSP.ini, leaving only your web app entry.
I suppose you can do it via Merge CPF too if you really want:
[Actions]
ModifyApplication:Name=/api/atelier,Enabled=0
ModifyApplication:Name=/api/deepsee,Enabled=0
ModifyApplication:Name=/api/docdb,Enabled=0
ModifyApplication:Name=/api/healthshare-rest/hssys,Enabled=0
ModifyApplication:Name=/api/iam,Enabled=0
ModifyApplication:Name=/api/iknow,Enabled=0
ModifyApplication:Name=/api/interop-editors,Enabled=0
ModifyApplication:Name=/api/mgmnt,Enabled=0
ModifyApplication:Name=/api/monitor,Enabled=0
ModifyApplication:Name=/api/security-config,Enabled=0
ModifyApplication:Name=/api/uima,Enabled=0
ModifyApplication:Name=/csp/broker,Enabled=0
ModifyApplication:Name=/csp/documatic,Enabled=0
ModifyApplication:Name=/csp/fhir-management,Enabled=0
ModifyApplication:Name=/csp/fhir-management/api,Enabled=0
ModifyApplication:Name=/csp/fhirsql,Enabled=0
ModifyApplication:Name=/csp/fhirsql/api/repository,Enabled=0
ModifyApplication:Name=/csp/fhirsql/api/ui,Enabled=0
ModifyApplication:Name=/csp/healthshare,Enabled=0
ModifyApplication:Name=/csp/healthshare/hcc,Enabled=0
ModifyApplication:Name=/csp/healthshare/hcc/bulkfhir,Enabled=0
ModifyApplication:Name=/csp/healthshare/hcc/bulkfhir/api,Enabled=0
ModifyApplication:Name=/csp/healthshare/hcc/services,Enabled=0
ModifyApplication:Name=/csp/healthshare/hssys,Enabled=0
ModifyApplication:Name=/csp/healthshare/hssys/app,Enabled=0
ModifyApplication:Name=/csp/healthshare/hssys/app/api,Enabled=0
ModifyApplication:Name=/csp/healthshare/hssys/services,Enabled=0
ModifyApplication:Name=/csp/hscustom,Enabled=0
ModifyApplication:Name=/csp/hssys,Enabled=0
ModifyApplication:Name=/csp/oauth2-client/api,Enabled=0
ModifyApplication:Name=/csp/oauth2-server/api,Enabled=0
ModifyApplication:Name=/csp/sys,Enabled=0
ModifyApplication:Name=/csp/sys/exp,Enabled=0
ModifyApplication:Name=/csp/sys/mgr,Enabled=0
ModifyApplication:Name=/csp/sys/oauth2,Enabled=0
ModifyApplication:Name=/csp/sys/op,Enabled=0
ModifyApplication:Name=/csp/sys/sec,Enabled=0
ModifyApplication:Name=/csp/test,Enabled=0
ModifyApplication:Name=/csp/user,Enabled=0
ModifyApplication:Name=/isc/studio/rules,Enabled=0
ModifyApplication:Name=/isc/studio/templates,Enabled=0
ModifyApplication:Name=/isc/studio/usertemplates,Enabled=0
ModifyApplication:Name=/ui/interop,Enabled=0
ModifyApplication:Name=/ui/security-config,Enabled=0Wow. There are really many applications! Thank you, @Eduard Lebedyuk
Perhaps in the future you will want to disable the web application not entirely, but specifically some specific functionality (package or class). In this case, you will find this useful - Enabling Access to Pages and Classes
The same can be done programmatically, via CPF or even the Management Portal itself (System > Security Management > Web Applications > Edit Web Application - (security settings) > Percent Class Access):
PS: a complete list of built-in and system applications with a description: Built-In and System Applications