CP+ 2.x Documentation Admin Guide  

CP+ Configuration

Related Docs:   End User CP Configuration

CP Configuration allows CP+ admin to configure most of the important aspects of CP+, like install new modules, upgrade existing modules, and upgrade CP+ itself. It provides means to change the port and address, select interface language, install CP+ licenses.

In order to do it, you should at first:

  1. Log into CP+ at http://cpplus_host:10000/ as admin with your server root password:
  2. Go to the Server Management tab and click the CP+ Configuration icon:
  3. On the page that appears choose between the following options:

    • IP Access Control to configure End User CP server to deny/allow access only from certain IP addresses;
    • Ports and Addresses to change the port number that End User CP listens on, or have it listen on only a single IP address;
    • Logging to track what actions admin users perform on the server;
    • Proxy Servers to set proxy server to access web and FTP sites;
    • User Interface to edit user interface options used by all End User CP modules;
    • Operating System and Environment to change the operating system End User CP treats your system as;
    • Language to choose which language End User CP will use for displaying titles, prompts and messages;
    • Upgrade CP+ to upgrade CP+ directly from Web interface;
    • Authentication to protect your End User CP server from brute-force password cracking attacks and more;
    • Trusted Referrers to configure CP+ referrer checking support;
    • Anonymous Module Access to make one or more CP+ modules accessible to any user, without requiring authentication;
    • SSL Encryption to be able to use SSL encrypted connections to your CP+ server;
    • Certificate Authority SSL certification can only be setup when the webserver is running in SSL mode.

 IP Access Control

This option allows to restrict access to the CP+ server to just those addresses that are trusted. By default, any address is allowed to access CP+.

Set the addresses you allow to access from, or list the specific addresses that you allow/deny access. Click Save after changes.

 Ports and Addresses

By default, the CP+ server will listen on every active IP address on the system. The Ports and Addresses option helps to set CP+ to listen only on one of them.

  1. In the Listen on Port field specify the network port on which CP+ will listen.
  2. Choose if you want to Listen for broadcasts on UDP port.
  3. Click Save.

 Logging

This option allows to write a log of webserver hits in the standard CLF log file format. If logging is enabled, you can also choose whether IP addresses or hostnames are recorded, and how often the log file is cleared. To view this log, go to the CP+ Actions Log module to see exactly what each CP+ user has been doing.

If you enable logging, you have a choice of options that allow you to do the following:

  • Log actions by all users, or only by specific users (choose from the multiple select box).
  • Log actions in all modules, or only in specific modules (choose from the multiple select box).
  • Log changes made to files by each action.

Click Save after changes.

 Proxy Servers

This option allows to configure proxy if your local network uses a proxy to access Web or FTP sites on the Internet.

Make sure to set Username for proxy and Password for proxy if your proxy requires authentication. Click Save after changes.

 User Interface

This option allows you to configure CP+ admin interface. For instance, you can configure where on the page will display the login name and host name of the server.

Some of the options displayed are:

  • Display login and hostname: set where you want user login and hostname to appear in CP+.
  • Hostname to display in CP+: you can choose between real hostname, hostname from URL, domain name from URL.

Make sure to save changes.

 Operating System and Environment

If you have upgraded your machine to a new version of your operating system, this option allows you to change the operating system. There's no need in updating this info, unless after upgrading your system, some configuration files were moved to new locations. CP+ knows how to interact with your system based on configuration files for each module, that are selected based on the operating system.

Here you can set the Program search path (e.g for system commands) and Library Search Path (e.g: for the password encryption library).
Note: these options hardly ever need to be changed, unless you have installed system tools and configuration files in odd locations on your system.

 Language

This page allows you to choose which language CP+ will use for displaying titles, prompts and messages.

 Upgrade CP+

This option allows to upgrade CP+ directly from the web interface. Read more about Upgrading CP+.

 Authentication

This CP+ option allows to prevent password cracking attacks on your server. If your CP+ server is widely accessible, and provides service to many users, it's recommended to configure this option in order to maximize the security of your system. When session authentication is enabled, each logged in users' session will be tracked by CP+, making it possible for idle users to be automatically logged out. Be aware that enabling or disabling session authentication may force all users to re-login.

Some of the options displayed are:

  • Password timeouts: if enabled, CP+ will block hosts that have a given number of failed login attempts by limiting the frequency of login attempts.
  • Check Log blocked hosts, logins and authentication failures to syslog if you want CP+ to log all failures and blocked addresses to syslog.
  • Session authentication: if enabled, CP+ will log users out after a specified time of inactivity, which prevents unauthorized users from accessing the server by simply using your computer.
  • Use PAM for Unix authentication, if available: (stands for: Pluggable Authentication Modules) allows to use different authentication standards without having to change or update the usual unix standard authentication services (login, ftp, telnet etc.).

Make sure to click Save for the changes to take effect.

 Trusted Referrers

This option allows you to set up CP+ referrer checking support, which is used to prevent harmful actions that can be caused by malicious links from other websites.

  • Choose if you want to have referrer checking enabled;
  • Enter trusted websites.

Click Save to preserve settings.

 Anonymous Module Access

This option allows you to grant access to selected CP+ modules and paths without users having to log in. For each module URL path that you enter in the form below (e.g: /custom or /passwd) make sure to enter a CP+ user whose permissions will be used for access to the module.

Important! Be VERY careful when granting anonymous access, because improper IP access controls or granting access to the wrong module may allow attackers to take over your system.

 SSL Encryption

You can use this module if your system has the OpenSSL libraries installed, as well as the Net::SSLeay Perl module.

This option allows using SSL encrypted connections to your CP+ server. It can maximize the security of your server by allowing password and user information to be sent in an encrypted form. In case if you are going to access your CP+ server from across the Internet, it is highly recommended that you use SSL encrypted sessions.

 Certificate Authority

This option allows configuring the SSL certificate for this server. Using this, you may configure your system to allow logins without a user name and password. SSL certification can only be setup when the webserver is running in SSL mode.


Related Docs:   End User CP Configuration


Home   Features   Pricing   Resellers   Docs   News   Contact
© Copyright 1998-2006. Positive Software Corporation.
All rights reserved.
Disclaimer