Disable HTTP access to Console

By default, Prisma Cloud will create both an HTTP and an HTTPS listener for access to the Console. In some environments, you may wish to entirely disable one of these listeners, such as turning off HTTP to ensure that only encrypted traffic is allowed to Console.
Disabling a listener simply requires providing a blank value for it in twistlock.cfg. For example, to disable the HTTP listener, your configuration file would look like this:
#############################################
#     Network configuration
#############################################
# Each port must be set to a unique value (multiple services cannot share the same port)
###### Management console ports #####
# Sets the ports that the Prisma Cloud management website listens on
# The system that you use to configure Prisma Cloud must be able to connect to the Prisma Cloud Console on these ports
# To disable a listener, leave the value empty (e.g. MANAGEMENT_PORT_HTTP=)
MANAGEMENT_PORT_HTTP=
MANAGEMENT_PORT_HTTPS=8083
Note that MANAGEMENT_PORT_HTTP= is intentionally left blank to indicate that this listener is disabled. As with other changes to the configuration, rerun twistlock.sh with the updated configuration file in place for the change to take effect. For example:
$ sudo ./twistlock.sh -s console
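
A pre-deployment check for the setting described above, as an added example that is not part of the Prisma Cloud documentation or tooling: it reads a twistlock.cfg-style file and confirms that MANAGEMENT_PORT_HTTP is present with an empty value and that MANAGEMENT_PORT_HTTPS holds a port. The function names, the plain KEY=VALUE parsing in which the last assignment wins, and the sample file are assumptions made for this example.

```shell
# Added example: audit a twistlock.cfg-style file for the Console listener settings.
# Assumption: plain KEY=VALUE lines, and a later assignment overrides an earlier one.

# listener_state FILE KEY -> prints disabled | enabled:<port> | invalid:<value> | unset
listener_state() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key "=") != 1) next   # exact key only, so HTTP never matches HTTPS
            val = substr(line, length(key) + 2)
            sub(/[ \t\r]*(#.*)?$/, "", val)       # drop trailing space, CR, inline comment
            found = 1; last = val
        }
        END {
            if (!found) print "unset"
            else if (last == "") print "disabled"
            else if (last ~ /^[0-9]+$/) print "enabled:" last
            else print "invalid:" last
        }' "$1"
}

# audit_console_listeners FILE -> returns 0 only if HTTP is disabled and HTTPS has a port
audit_console_listeners() {
    http=$(listener_state "$1" MANAGEMENT_PORT_HTTP)
    https=$(listener_state "$1" MANAGEMENT_PORT_HTTPS)
    echo "MANAGEMENT_PORT_HTTP:  $http"
    echo "MANAGEMENT_PORT_HTTPS: $https"
    case "$http" in
        disabled) ;;
        unset) echo "FAIL: key missing or commented out; only an empty value is documented as disabling it" >&2; return 1 ;;
        *) echo "FAIL: HTTP listener is still configured" >&2; return 1 ;;
    esac
    case "$https" in
        enabled:*) return 0 ;;
        *) echo "FAIL: HTTPS listener is not configured with a port" >&2; return 1 ;;
    esac
}

# Constructed sample that mirrors the configuration shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# To disable a listener, leave the value empty (e.g. MANAGEMENT_PORT_HTTP=)
MANAGEMENT_PORT_HTTP=
MANAGEMENT_PORT_HTTPS=8083
EOF
audit_console_listeners "$sample"
rm -f "$sample"
```

Running the check against the real configuration file before rerunning twistlock.sh catches the case where the HTTP line was commented out or deleted rather than left blank.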
