Plantronics + Polycom. Now together as Poly Logo

[FAQ]Locking the Web Configuration Utility after Failed Login Attempts?

SteffenBaierUK
Polycom Employee & Community Manager

[FAQ]Locking the Web Configuration Utility after Failed Login Attempts?

UC Software 5.5.0 added the ability to lock the Web Configuration Utility after Failed Login Attempts.

 

You can lock access to the Web Configuration Utility after a series of failed login attempts and configure a period of time a user can attempt to log in again.

 

Use the following parameters to configure additional security after multiple failed login attempts:

 

Parameter template

Permitted Values

httpd.cfg.lockWebUI.enable

1 (default) - Enable the Web Configuration Login Lock feature.

0 - Disable the Web Configuration Login Lock feature.

httpd.cfg.lockWebUI.lockOutDuration

60 seconds (default) - The period of time the user is locked out of the Web Configuration Utility. The user can try logging in again after this time.

60 - 300 seconds

httpd.cfg.lockWebUI.noOfInvalidAttempts

5 (default) - After five failed login attempts, the user is locked out of the Web Configuration Utility.

3 - 20 - Specify the maximum number of failed login attempts after which the user is locked out of the Web Configuration Utility.

httpd.cfg.lockWebUI.noOfInvalidAttempts Duration

60 seconds (default) - After a user reaches the maximum failed login attempts within 60 seconds, the user is locked out of the Web Configuration Utility.

60 - 300 seconds - After a user reaches the maximum failed login attempts within this time duration, the user is locked out of the Web Configuration Utility. The user can try logging in again after the lock-out duration set by httpd.cfg.lockWebUI.lockOutDuration.

 

The Web Interface shows:

 

Unsuccesfull_Attempts01.PNG

 

You can check the Unsuccessful Attempts:

 

Unsuccesfull_Attempts02.PNG

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 1 of 2
1 REPLY 1
SteffenBaierUK
Polycom Employee & Community Manager

„ Authorization failed. Please login here. “ when trying to access the Web Interface of a Poly Phone

„Authorization failed. Please login here. “ when trying to access the Web Interface of a Poly Trio, VVX, or CCX Phone

 

Since UC Software 4.0.15 or 5.6.0 a new security feature will automatically log out the user after a certain duration.

 

The phone has preset session management rules, but you can customize the rules as needed.

Use session management on the system web interface to enhance phone security by setting the maximum number of sessions and determining session validity.


By default, the phone allows 10 concurrent sessions on the system web interface. The phone allows a single session to remain idle for 900 seconds (15 minutes) before it automatically ends it.

 

If you change the password, all the existing sessions expire and you must log in with the new password. If a session reaches the maximum limit, all existing sessions expire and the new session continues on the system web interface. If you can’t log in to the system web interface, clear your web browser cookies and try again.

 

Procedure

  1. Set the duration of a single session in the idle state, in seconds. Configure from 60 to 86,400 seconds. The default is 900 seconds.
    httpd.cfg.session.maxSessionAge="<session duration>"
  2. Set the maximum number of concurrent sessions the phone allows. Configure from 1 to 20 concurrent sessions. The phone allows 10 concurrent sessions by default.
    httpd.cfg.session.maxSessions="<concurrent session max>"
----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 2