Restrict Access to ZENworks Control Center


Under the following directory you will find a file named context.xml:


Edit the file with your favorite text editor and add the following line between "<context>" and "</context>" tags:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.0.*"/>

Then only hosts in the network would get access to ZCC.

After saving the edited file you need to restart ZENworks before the changes take effect.


How To-Best Practice
Comment List
    Hi all, this blocks access to other zenworks services which the agent uses

    I'm looking for something to just block zcc ./zenworks access.

    At least with ZCM 11 SP2 I tested with, this setting prevents also clients from communicating with this primary (such as downloading bundles). Therefore unfortunately not only effective for ZCC and not usable.
    It is an issue I concern while testing ZCM. zcc is accessible from the world,
    and I do not find it is mentioned in the documents.
    Thank you for the tip. I run ZCM on SLES, so I find it is easier to set up a rule
    in iptables firewall. The context.xml file maybe overwritten during update.

    I also notice that is also needed in the allow list, otherwise zman return error 13.