1

In short:
I have a couple of ESXi6 servers in a LAN on which I can successfully load the page https://host.tld/ in a browser. On one ESXi6 server, which is publicly available on the internet, I get 403 forbidden when loading the page in a browser.

More detailed description:
VEEAM B&R cannot connect to the WAN ESXi6.0.0 (5572656) due a 403 reply from ESXi's httpd (which I confirmed using a browser to https://host.tld/). Accessing https://host.tld works on all my local ESXi servers, but not on the WAN ESXi server. (However, VSphere works fine on all servers.) Because this server is exposed to the internet, it is possible that I may have configured it to be locked down when I initially set it up years ago, but I if that's the case I must have missed to write a documentation and now just forgot how I did it.
The fact that the browser receives a 403 indicates that there is actually some http(s) going on, so I don't think it's the firewall.

Where in ESXi6 can http access be configured?

Thanks in advance!

T.

user208383
  • 61
  • 1
  • 1
  • 6
  • What does the `host.tld` resolve to on all hosts? Have you checked the configuration on `host.tld` for possible access lists? – Tero Kilkanen Aug 10 '17 at 16:18
  • @TeroKilkanen host.tld resolves to the same valid public IPv4 WAN address on all hosts. Which access lists do you mean? I temporarily turned off the built in ESXi firewall to verify it is not a firewall configuration problem. What / where are the access lists in ESXi for http? – user208383 Aug 11 '17 at 05:48
  • By `host.tld` access lists I mean access lists on the web server you are trying to reach. After all, most often the `403 Forbidden` error is returned by the destination web server. – Tero Kilkanen Aug 11 '17 at 11:18
  • @TeroKilkanen To avoid misunderstandings: I'm not talking about Guest OSes, I'm talking about the ESXi Server itself! The "webserver" that I'm trying to reach is the http daemon of the ESXi server itself (that "VMware ESXi, Welcome, Getting Started" page)! That is exactly the question: where on the ESXi is there such an access list on which access to the index page can be configured? – user208383 Aug 11 '17 at 12:21
  • @TeroKilkanen I can successfully access https://host.tld/client/clients.xml and https://host.tld/ui, but https://host.tld is denied with error 403. – user208383 Aug 11 '17 at 12:42

1 Answers1

0

Some very very helpful support engineer from Veeam in St. Petersburg pointed me into the right direction:

Have you checked that landing page document exists on the disk? I was able to get error 403 by renaming the document at /usr/lib/vmware/hostd/docroot/index.html.

That was exactly the problem.

user208383
  • 61
  • 1
  • 1
  • 6