2010-01-29

Disabling Web Services in ESXi

Duncan posted this one this evening.

To add to his post, there is a way to "hide" at least the front page of the web service.

In ESXi, the configuration file responsible for all this is /etc/vmware/hostd/proxy.xml:

<ConfigRoot>
  <EndpointList>
    <_length>10</_length>
    <_type>vim.ProxyService.EndpointSpec[]</_type>
    <e id="0">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8309</port>
      <serverNamespace>/</serverNamespace>
    </e>
    <e id="1">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8307</port>
      <serverNamespace>/sdk</serverNamespace>
    </e>
    <e id="2">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8308</port>
      <serverNamespace>/ui</serverNamespace>
    </e>
    <e id="3">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsOnly</accessMode>
      <pipeName>/var/run/vmware/proxy-vpxa</pipeName>
      <serverNamespace>/vpxa</serverNamespace>
    </e>
    <e id="4">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <pipeName>/var/run/vmware/proxy-mob</pipeName>
      <serverNamespace>/mob</serverNamespace>
    </e>
    <e id="5">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <!-- Use this mode for "secure" deployment -->
      <accessMode>httpsWithRedirect</accessMode>
      <!-- Use this mode for "insecure" deployment -->
      <!-- <accessMode>httpAndHttps</accessMode> -->
      <port>8889</port>
      <serverNamespace>/wsman</serverNamespace>
    </e>
    <!-- Needed because old versions of the VI client access
         the clients.xml file over Http for upgrade -->
    <e id="6">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>8309</port>
      <serverNamespace>/client/clients.xml</serverNamespace>
    </e>
     <e id="7">
      <_type>vim.ProxyService.NamedPipeTunnelSpec</_type>
      <serverNamespace>/sdkTunnel</serverNamespace>
      <accessMode>httpOnly</accessMode>
      <pipeName>/var/run/vmware/proxy-sdk-tunnel</pipeName>
     </e>
    <e id="8">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>12001</port>
      <serverNamespace>/ha-nfc</serverNamespace>
    </e>
    <e id="9">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>12000</port>
      <serverNamespace>/nfc</serverNamespace>
    </e>
  </EndpointList>
</ConfigRoot>

The part we are interested in is this:

    <e id="0">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8309</port>
      <serverNamespace>/</serverNamespace>
    </e>

To mask the web page, all you need to do is change the port number in the config file; the front page will then come up blank:

    <e id="0">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8499</port>
      <serverNamespace>/</serverNamespace>
    </e>

    <!--e id="4">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <pipeName>/var/run/vmware/proxy-mob</pipeName>
      <serverNamespace>/mob</serverNamespace>
    </e-->

    <e id="6">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>8399</port>
      <serverNamespace>/client/clients.xml</serverNamespace>
    </e>



In the same way, you can mask any of the other services you like (mob, etc.).

Restart the services on the host with:

/sbin/services.sh restart
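
To review what an edit like this actually changed, the following Python script (an added example, not part of the original post) compares a saved copy of proxy.xml with the edited one and reports removed namespaces, retargeted ports, and endpoints whose accessMode still accepts plain HTTP. The function names and the trimmed sample entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# accessMode values from the page's proxy.xml that also accept plain HTTP
PLAINTEXT_MODES = {"httpAndHttps", "httpOnly"}

# Constructed sample: four entries from the page's proxy.xml, <_type> lines trimmed.
BEFORE = """<ConfigRoot><EndpointList>
<e id="0"><accessMode>httpsWithRedirect</accessMode><port>8309</port><serverNamespace>/</serverNamespace></e>
<e id="4"><accessMode>httpsWithRedirect</accessMode><pipeName>/var/run/vmware/proxy-mob</pipeName><serverNamespace>/mob</serverNamespace></e>
<e id="6"><accessMode>httpAndHttps</accessMode><port>8309</port><serverNamespace>/client/clients.xml</serverNamespace></e>
<e id="8"><accessMode>httpAndHttps</accessMode><port>12001</port><serverNamespace>/ha-nfc</serverNamespace></e>
</EndpointList></ConfigRoot>"""

# The same entries after the edits shown on the page (ports changed, /mob commented out).
AFTER = """<ConfigRoot><EndpointList>
<e id="0"><accessMode>httpsWithRedirect</accessMode><port>8499</port><serverNamespace>/</serverNamespace></e>
<!--e id="4"><accessMode>httpsWithRedirect</accessMode><pipeName>/var/run/vmware/proxy-mob</pipeName><serverNamespace>/mob</serverNamespace></e-->
<e id="6"><accessMode>httpAndHttps</accessMode><port>8399</port><serverNamespace>/client/clients.xml</serverNamespace></e>
<e id="8"><accessMode>httpAndHttps</accessMode><port>12001</port><serverNamespace>/ha-nfc</serverNamespace></e>
</EndpointList></ConfigRoot>"""


def load_endpoints(xml_text):
    """Map serverNamespace -> {mode, target} for every active <e> entry.
    Entries wrapped in an XML comment are dropped by the parser."""
    endpoints = {}
    for e in ET.fromstring(xml_text).iter("e"):
        target = e.findtext("port") or e.findtext("pipeName")
        endpoints[e.findtext("serverNamespace")] = {
            "mode": e.findtext("accessMode"), "target": target}
    return endpoints


def diff_endpoints(before, after):
    """Return (removed namespaces, retargeted {ns: (old, new)}, plaintext namespaces)."""
    removed = sorted(set(before) - set(after))
    retargeted = {ns: (before[ns]["target"], ep["target"])
                  for ns, ep in after.items()
                  if ns in before and before[ns]["target"] != ep["target"]}
    plaintext = sorted(ns for ns, ep in after.items()
                       if ep["mode"] in PLAINTEXT_MODES)
    return removed, retargeted, plaintext


if __name__ == "__main__":
    removed, retargeted, plaintext = diff_endpoints(
        load_endpoints(BEFORE), load_endpoints(AFTER))
    print("removed from proxy:", removed)
    print("retargeted ports:", retargeted)
    print("still accept plain HTTP:", plaintext)
```

To run it against real files, read the backup and the edited proxy.xml into strings and pass them to load_endpoints in place of the constructed samples.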

Before

[Screenshots: Main Page, xml, client, mob]

And after

[Screenshots: Main Page, xml, VI client, mob]

Update: William Lam also posted a 3rd method that did not require going into the unsupported Dropbear console. Well worth a read!!