How to prevent access to MDM MSP server from a specific IP address/FQDN? 

Description

As an IT administrator, you may want to restrict access to the MDM MSP server from outside your organization's network/firewall. This ensures that the MDM MSP server can be accessed only from within the organization, thereby securing access to the server and the data within. You can achieve this by restricting MDM MSP access for a specific IP address/FQDN, as explained below:

Steps

  • Stop MDM server.
  • On the machine running MDM server, navigate to <MDM installed folder>/ManageEngine/MDMMSPServer and open the conf folder.
  • Open web settings.conf. The conf file has the property ui.access.restricted.hostnames, which is used to restrict access to the MDM MSP server. For example, if you want MDM to be accessed only from the organization intranet, specify ui.access.restricted.hostnames=252.2.2.33, <MDM machine_public_FQDN>. This ensures the MDM MSP server can be accessed only using localhost:9383, ip-address_of_the_machine:9383 and computer_name:9383. You cannot access the server from the public IP address (252.2.2.33:9383) or the public FQDN.
  • Once the host names have been added, save the file. 
  • Start MDM MSP server.
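
The edit in the steps above can be scripted so that it is repeatable and keeps a backup of the conf file. The following is an added example, not ManageEngine code: it assumes the conf file holds one key=value setting per line with comma-separated values (as in the sample line above), and the function names, the server.port key and mdm.example.com are placeholders. Run it while the server is stopped.

```python
import shutil
from pathlib import Path

# Property name taken from the article; everything else here is illustrative.
PROP = "ui.access.restricted.hostnames"

def merge_restricted_hosts(conf_text, hosts):
    """Return conf_text with hosts merged into PROP, without duplicates."""
    out, values, slot = [], [], None
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP:
            # Collect existing entries; keep one line at the first position.
            values += value.split(",")
            if slot is None:
                slot = len(out)
                out.append(line)
            continue
        out.append(line)  # other settings and commented lines stay untouched
    seen, unique = set(), []
    for host in values + list(hosts):
        host = host.strip()
        # Host names are case-insensitive, so compare in lower case.
        if host and host.lower() not in seen:
            seen.add(host.lower())
            unique.append(host)
    new_line = f"{PROP}={', '.join(unique)}"
    if slot is None:
        out.append(new_line)
    else:
        out[slot] = new_line
    return "\n".join(out) + "\n"

def apply_to_file(conf_path, hosts):
    """Update the conf file in place, keeping a .bak copy of the original."""
    path = Path(conf_path)
    original = path.read_text(encoding="utf-8")
    updated = merge_restricted_hosts(original, hosts)
    if updated != original:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_text(updated, encoding="utf-8")
    return updated

if __name__ == "__main__":
    # Constructed sample content; "server.port" and the FQDN are placeholders.
    sample = "server.port=9383\nui.access.restricted.hostnames=252.2.2.33\n"
    print(merge_restricted_hosts(sample, ["mdm.example.com", "252.2.2.33"]))
```

Running the merge a second time with the same host names leaves the file unchanged, so the script can be re-run safely after an upgrade or a restore.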