2 OTRS ITSM Questions: Disable Network Scan / Reverse Proxy!

[ThatGuy84]

Hi All, I am new to the OTRS world, and I am running:

* OTRS 3.2.11
* mysql-server-5.1.69-1
* OTRS ITSM 3.2.9
* RHEL 6.4 64bit with SELINUX disabled.

2 Questions I am hoping you can help me with.

How do I stop the Discovery Service in ITSM?

I am not wanting my server to go out and discovers hosts on the LAN. I have no use for this.

Also this is making my httpd access logs fill up.

Code: Select all

cat /var/log/httpd/access.log

10.10.10.1 - - [17/Oct/2013:09:42:37 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"

Reverse Proxy for OTRS IBM WebSeal

We have an IBM Webseal that publishes the OTRS Server, out to the public however the page does not display properly.

This makes no difference with the latest versions of:

Chrome: 30.0.1599.101 m
FireFox: 24.0
Internet Explorer : 9/10

After reading this post: viewtopic.php?f=62&p=31497

I have performed these steps with no luck.

Ran the SetPermissons script

Code: Select all

./otrs.SetPermissions.pl --otrs-user=otrs --web-user=apache --otrs-group=apache --web-group=apache /opt/otrs

bin/otrs.SetPermissions.pl - set OTRS file permissions
Copyright (C) 2001-2013 xxx, http://otrs.com/
Setting permissions on /opt/otrs
Setting permissions on /opt/otrs/var
Setting permissions on /opt/otrs/bin/*
Setting permissions on /opt/otrs/scripts/
Setting permissions on /opt/otrs/Kernel/Config.pm
Setting owner rw and group ro permissions on /opt/otrs/.procmailrc
Setting owner rw and group ro permissions on /opt/otrs/.fetchmailrc

Then:

Code: Select all

perl $OTRS_PATH/bin/otrs.RebuildConfig.pl
perl $OTRS_PATH/bin/otrs.DeleteCache.pl
perl $OTRS_PATH/bin/otrs.LoaderCache.pl

This made no difference. This looks to be IBM WebSeal related, has anyone got this working behind an IBM WebSEAL reverse proxy server? We have tried a "standard"-types Webseal junction, which works for most web pages, but some pages break.

We have tried a "transparent-path" junction (this is the preferable approach, as it avoids problems when back-end servers generate code dynamically on the client-side) but the login page does not even display correctly - i.e. it displays an error "The browser you are using is too old.....".

As Policy we are at liberty to use no other reverse proxy at time. Will log a call with IBM in the meantime and hope for assitance with this.

Thank you for your time.

[jojo]

1. Question:

OTRS does not have discovery service! Did you install a 3rd Party module?


2. Question:
This is a proxy issue. Not an OTRS issue. Check if /otrs and /otrs-web are handled properly on this proxy

[ThatGuy84]

Hi jojo,
Thanks for your reply. I managed to fix the reverse proxy issue, by adding an additional junction for /otrs-web, so this solved this.

However NO I have not added any 3rd Party Modules for the Network-Discovery this is fresh out the box, this must be included with OTRS ITSM???

I have attached a screenshot of the Modules installed:

Code: Select all

tail -f /var/log/httpd/access.log

10.10.10.100 - - [17/Oct/2013:17:43:02 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"
10.10.10.99 - - [17/Oct/2013:17:43:02 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"
10.10.10.11 - - [17/Oct/2013:17:43:03 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"
10.10.10.51 - - [17/Oct/2013:17:43:03 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"
10.10.10.21 - - [17/Oct/2013:17:43:04 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"
10.10.10.78 - - [17/Oct/2013:17:43:04 +1100] "POST /Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1" 200 - "-" "HttpXferwan 11.0 (20100124)"

On the OTRS Server something is defiantly running a port scan for discovery of inventory, and I wish to turn this off please.

Code: Select all

netstat  -tunap

tcp        0      0 10.10.10.52:80            10.10.10.99:51838         TIME_WAIT   -
tcp        0      0 10.10.10.52:80            10.10.10.11:56122          TIME_WAIT   -
tcp        0      0 10.10.10.52:80           10.10.10.78:47375           TIME_WAIT   -

Thanks for your time.

[jojo]

OTRS does not have any discovery module.

With some google magic you would have found this one: http://www.softasset.co.uk/centennial/ which seems to be installed on your network and/or server

[ThatGuy84]

Thanks for schooling me jojo your google powers are far > than mine.

I was under the impression this was cleaned from the network obviously not.

Thanks once again jojo for your help please mark this as solved.