How to prevent access to MDM server from a specific IP address/FQDN?

Description

As an IT administrator, you may want to restrict access to the MDM server from outside your organization's network/firewall. This ensures that the MDM server can be accessed only from within the organization, thereby securing access to the server and the data on it. You can achieve this by restricting MDM access for specific IP addresses/FQDNs, as explained below:

Steps

  • Stop MDM server.
  • On the machine running MDM server, navigate to <MDM installed folder>/ManageEngine/MDMServer. Open the conf folder.
  • Open websettings.conf. The file contains the property ui.access.restricted.hostnames, which lists the IP addresses and host names through which access to the MDM server is blocked. For example, if you want MDM to be accessed only from the organization intranet, specify ui.access.restricted.hostnames=252.2.2.33, <MDM machine_public_FQDN>. This ensures that the MDM server can be accessed only using localhost:9383, ip-address_of_the_machine:9383 and computer_name:9383. You cannot access the server from the public IP address (252.2.2.33:9383) or the public FQDN.
  • Once the host names have been added, save the file. 
  • Start MDM server.
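
The file edit from the steps above can be scripted so that it is repeatable and keeps a backup. This is an added example, not ManageEngine's code: it assumes the conf file holds one key=value property per line with comma-separated host names as in the example value, and mdm.example.com and the sample file contents are constructed.

```python
import re
import shutil

KEY = "ui.access.restricted.hostnames"  # property name from the steps above
PROP = re.compile(r"^\s*" + re.escape(KEY) + r"\s*=(.*)$")

# Constructed sample; "example.other.setting" is a placeholder, not a real key.
SAMPLE = "example.other.setting=1\n" + KEY + "=252.2.2.33\n"

def merge_restricted_hosts(conf_text, hosts):
    """Return conf_text with `hosts` merged into the restricted-hostnames line."""
    lines = conf_text.splitlines()
    current = []
    for line in lines:
        match = PROP.match(line)  # commented-out lines (# ...) do not match
        if match:
            current += match.group(1).split(",")
    merged, seen = [], set()
    for host in current + list(hosts):
        host = host.strip()
        if host and host.lower() not in seen:  # host names are case-insensitive
            seen.add(host.lower())
            merged.append(host)
    new_line = KEY + "=" + ", ".join(merged)
    out, written = [], False
    for line in lines:
        if PROP.match(line):
            if not written:  # keep one property line, drop any duplicates
                out.append(new_line)
                written = True
            continue
        out.append(line)
    if not written:
        out.append(new_line)
    return "\n".join(out) + "\n"

def apply_to_file(path, hosts):
    """Back up the conf file, then rewrite it. Run while MDM server is stopped."""
    shutil.copy2(path, path + ".bak")
    with open(path) as handle:
        updated = merge_restricted_hosts(handle.read(), hosts)
    with open(path, "w") as handle:
        handle.write(updated)
    return updated

if __name__ == "__main__":
    print(merge_restricted_hosts(SAMPLE, ["mdm.example.com"]), end="")
```

Running the merge twice with the same host list leaves the file unchanged, so the script is safe to re-run.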