403 Forbidden

In ISL Conference Proxy, default security settings allow access to ISL Conference Proxy administration only from the localhost (i.e. you can access it from the same machine that is running ISL Conference Proxy). 

When you try accessing the ISL Conference Proxy administration from a different machine, you will receive the error message 'Error 403: Forbidden'.

It is possible to allow access to the administration for other machines.

Note: When access is allowed from different machines, please keep in mind security implications - allowing access only via localhost is the most secure option. If you do want to allow access to other computers, make sure you only allow the access to computers you trust. It is also highly recommended to force SSL for the administration panel, to avoid sending administration login credentials through non-encrypted network traffic. To enable this setting, in the administration page navigate to Configuration -> Security and enable the setting Must use SSL for server administration.

Allow other machines to access the administration page

If your server has a GUI (graphical user interface), you can access the configuration directly on the server machine and adjust security setting to allow other machines.

1. Open up the administration page on the server machine (localhost:7615/conf)
2. Login to the administration page
3. Navigate to Configuration -> Security
4. Find the setting 'Allowed IP addresses for server administration'

To allow other machines to access the administration of your ISL Conference Proxy, you will need to add that machine's IP address to the 'Allowed IP addresses for server administration' setting. IP addresses can be added in a couple of ways:

• Single IP address (e.g.: 'Allowed IP addresses for server administration': 192.168.1.100)
• Multiple IP addresses separated by comma (e.g.: 'Allowed IP addresses for server administration': 192.168.1.100,192.168.1.105,192.168.1.108)
• IP range using subnet mask (e.g.: 192.168.0.0/255.255.0.0, 192.168.0.0/8)

Note: It is possible to use multiple IP addresses and IP ranges at the same time. Example:

'Allowed IP addresses for server administration': 192.168.1.100,192.168.1.0/255.255.255.0,192.168.2.205,192.168.3.0/255.255.255.0)

Note: If you are unsure which IP address your computer uses when communicating with the ISL Conference Proxy server, you can visit your server's /myip page (e.g.: www.myicp.com/myip) on the machine where you would like to use the administration page. This page will display your machine's IP address which you should enter into the 'Allowed IP addresses for server administration' setting.

Servers without GUI

If you have installed your ISL Conference Proxy on a machine which does not have a GUI, you will not be able to access the administration directly from the server machine itself. In this case, it is possible to use one of the following solutions.

SSH tunnel

It is possible to access the administration page by using an SSH tunnel. 

PuTTY

1. Open the PuTTY configuration and navigate to the Session section
2. Input the Host name (or IP address) of your ISL Conference Proxy server
3. Choose a name for your SSH connection, input it into the 'Saved Sessions' input window (e.g.: ICP SSH Session) and click 'Save'
4. Navigate to Connection -> SSH -> Tunnels
5. In the Add new forwarded port section, choose a source port (e.g.: 17615)
6. In the Destination input field, enter localhost:7615
7. Click 'Add'
8. Go back to the Session section, in the list of saved sessions select your saved session and click 'Open'
9. Login with credentials of the remote ISL Conference Proxy server machine
10. On local machine, open a browser and navigate to localhost:17615/conf
11. ISL Conference Proxy administration page will open

Terminal

1. In terminal, use the command ssh -L 17615:localhost:7615 root@machine
2. On local machine, open a browser and navigate to localhost:17615/conf
3. ISL Conference Proxy administration page will open

After you have access to the ISL Conference Proxy administration through the tunnel, you can allow other IP addresses to access administration by following the Allow other machines to access the administration section of this guide.

Terminal command

If your ISL Conference Proxy is installed on a Linux machine which does not have a GUI, you can allow another computer to access the administration page by using the terminal command confproxyctl headless. 

Note: This command will first ask you to input your desired administration password (the password which you will use to login to the administration page, default password is asd). After this, you will be asked to input the IP address of the computer you wish to use the administration page from.

1. In the terminal, enter the command confproxyctl headless
2. Input your desired administration password
3. Input the IP address of the computer you wish to use the administration page from

After you have access to the ISL Conference Proxy administration, you can allow other IP addresses to access administration by following the Allow other machines to access the administration section of this guide.

Command file

You can use Command Files to adjust the allowed IP addresses for administration through the server command line.

Note: This approach requires you to restart your server.

1. Navigate to the ISL Conference Proxy installation directory (Linux: /opt/confproxy, Windows: C:/Program Files/ISL Conference Proxy)
2. Create a new file called 'setting_trustednet' in the ISL Conference Proxy installation directory
3. For the content of the file, enter the IP address of the machine where you will access the administration page, then save the file content
4. Restart the server (Linux: confproxyctl restart, Windows: net stop confproxy & net start confproxy)

After the server has restarted, you will be able to access the administration page from your machine.