Web Parameters

The Web parameters are described in the table below.

Web Parameters

Parameter

Description

'Password Change Interval'

configure system > web > web-password-change-interval

[WebPassChangeInterval]

Defines the minimum duration (in minutes) between login password changes. For example, if you configure the parameter to 60, you can only change the password if at least 60 minutes has elapsed since the password was last changed.

The valid value is 0 to 100,000. The default is 0, meaning that the password can be changed at any time.

'User Inactivity Timer'

configure system > web > user-inactivity-timeout

[UserInactivityTimer]

Defines the duration (in days) for which a user has not logged in to the Web interface, after which the status of the user becomes inactive and can no longer access the Web interface. These users can only log in to the Web interface if their status is changed (to New or Valid) by a Security Administrator or Master user.

The valid value is 0 to 10000, where 0 means inactive. The default is 90.

Note: The parameter is applicable only when using the Local Users table.

'Session Timeout'

configure system > web > session-timeout

[WebSessionTimeout]

Defines the duration (in minutes) of inactivity of a logged-in user in the Web interface, after which the user is automatically logged off the Web session. In other words, the session expires when the user has not performed any operations (activities) in the Web interface for the configured duration.

The valid value is 0, or 2 to 100000, where 0 means no timeout. The default is 15.

Note: You can also configure the feature per user in the Local Users table (see Configuring Management User Accounts), which overrides this global setting.

'Deny Access On Fail Count'

configure system > web > deny-access-on-fail-count

[DenyAccessOnFailCount]

Defines the maximum number of failed login attempts, after which the requesting IP address (management station) for all users is blocked.

The valid value range is 0 to 10. The value 0 means that the feature is disabled and no blocking is done. The default is 3.

'Deny Authentication Timer'

configure system > web > deny-auth-timer

[DenyAuthenticationTimer]

Defines the duration (in seconds) for which login to the Web interface is denied from a specific IP address (management station) for all users when the number of failed login attempts exceeds the maximum. This maximum is configured by the [DenyAccessOnFailCount] parameter. Only after this time expires can users attempt to log in from this same IP address.

The valid value is 0 to 100000, where 0 means that login is not denied regardless of the number of failed login attempts. The default is 60.

Note:

If the [BlockingDurationFactor] parameter is configured to a value greater than 1, the duration that the IP address is blocked is according to the [BlockingDurationFactor] parameter.
To configure the duration for which the IP address is blocked, use the [DenyAuthenticationTimer] parameter.
Up to 1,000 IP addresses (management stations) can be blocked concurrently.

'Blocking Duration Factor'

configure system > web > blocking-duration-factor

[BlockingDurationFactor]

Defines the number to multiple the previous blocking time for blocking the IP address (management station) or user upon the next failed login scenario.

The valid value is 1 to 100. The default is 1, which means that the blocking time remains the same (not increased).

For example, assume the following configuration:

The 'Deny Access On Fail Count' parameter is configured to 3 (failed login attempts).
The 'Block Duration' parameter in the Local Users table is configured to 10 (seconds) for user blocking, or the [DenyAuthenticationTimer] parameter is configured to 10 for IP address blocking.
The [BlockingDurationFactor] parameter is configured to 2.

After three failed login attempts, the device blocks the user for 10 seconds. If the user tries again to login but fails after three attempts, the device blocks the user for 20 seconds (i.e., 10 x 2). If the user tries again to login but fails after three attempts, the device blocks the user for 40 seconds (i.e., 20 x 2), and so on.

'Valid time of Deny Access counting'

configure system > web > deny-access-counting-valid-time

[DenyAccessCountingValidTime]

Defines the maximum time interval (in seconds) between failed login attempts to be included in the count of failed login attempts for denying access to the user.

The valid value is 30 to 10,000,000. The default is 60.

For example, assume the following:

The [DenyAccessOnFailCount] parameter is configured to 3 (failed login attempts).
The [DenyAccessCountingValidTime] parameter is configured to 30 (seconds).

If the user makes a failed login attempt, and then makes another failed login attempt 32 seconds later, and another failed login attempt 10 seconds later, the user is not blocked by the device. This is because the interval between the first and second attempt was greater than the 30 seconds configured for the [DenyAccessCountingValidTime] parameter. However, if the interval between all three failed login attempts is less than 30 seconds, the device blocks the user.

'Display Last Login Information'

configure system > web > display-last-login-info

[DisplayLoginInformation]

Enables the display of the user's login information upon each successful login attempt.

[0] Disable (default)
[1] Enable

'Invalid Login Report'

configure system > web > invalid-login-report

[InvalidLoginReport]

Defines the information that is provided in the logged error message (Activity Log) when a user attempts to log in to the device with the wrong username or password (i.e., authentication failure).

[0] General Information = (Default) The logged error message only indicates that incorrect credentials were entered, without specifying if it was the username or the password that was wrong.
[1] Detailed Information = The logged error message indicates if it was the username or the password that was wrong.

configure system > web > csrf-protection

[CSRFProtection]

Enables cross-site request forgery (CSRF) protection of the device's embedded Web server.

[0] = Disable
[1] = (Default) Enable

For more information, see Enabling CSRF Protection.

configure system > web > http-port

[HTTPport]

Defines the LAN HTTP port for Web management. To enable Web management from the LAN, configure the desired port.

The default is 80.

Note: For the parameter to take effect, a device restart is required.

[DisableWebConfig]

Defines if the entire Web interface is read-only.

[0] = (Default) Enables modifications of parameters.
[1] = Web interface is read-only.

When in read-only mode, parameters can't be modified and the following pages can't be accessed: Web User Accounts, TLS Contexts, Time and Date, Maintenance Actions, Load Auxiliary Files, Software Upgrade Wizard, and Configuration File.

Note:

For the parameter to take effect, a device restart is required.

[ResetWebPassword]

Enables the device to restore the default management user accounts.

[0] = (Default) Disabled - currently configured user accounts (usernames and passwords) are retained.
[1] = Enabled - default user accounts (listed below) are restored and all other configured users (in the Local Users table) are deleted:
Security Administrator user (username Admin and password Admin)
Monitor user (username User and password User)

Note:

You can also restore the default management user accounts (and delete all other configured users) through SNMP, by setting acSysGenericINILine to "ResetWebPassword = 1".
You can change username and password through SNMP:
To change the current username, use the following syntax (but without angled brackets) in the acSysWEBAccessEntry table:
acSysWEBAccessUserName:<current username>/<password>/<new username>
To change the current password, use the following syntax (but without angled brackets) in the acSysWEBAccessEntry table:
acSysWEBAccessUserCode:<username>/<current password>/<new password>

'Check Weak Passwords'

configure system > web > check-weak-psw

[WeakPasswordsCheck]

Enables the weak password detection feature, which detects if a user in the Local Users table is configured with a weak password (listed in the Weak Passwords List table).

[0] Disable (default)
[1] Enable

For more information, see Detection of Weak Passwords.

configure system > welcome-msg

[WelcomeMessage]

Defines a welcome message displayed on the Web interface's Web Login page.

The format of the ini file table parameter is:

[WelcomeMessage ]
FORMAT Index = Text
[\WelcomeMessage]

For example:

FORMAT Index = Text
WelcomeMessage 1 = "**********************************" ;
WelcomeMessage 2 = "********* This is a Welcome message ***" ;
WelcomeMessage 3 = "**********************************" ;

For more information, see Creating a Login Welcome Message.

Note:

Each index row represents a line of text. Up to 20 lines (or rows) of text can be defined.
The configured text message must be enclosed in double quotation marks (i.e., "...").
If the parameter is not configured, no Welcome message is displayed.

[UseProductName]

Enables the option to customize the name of the device (product) that appears in the management interfaces.

[0] = Disabled (default).
[1] = Enables the display of a user-defined name, which is configured by the [UserProductName] parameter.

For more information, see Customizing the Product Name.

[UserProductName]

Defines a name for the device instead of the default name.

The value can be a string of up to 29 characters.

For more information, see Customizing the Product Name.

Note: To enable customization of the device name, see the [UseProductName] parameter.

configure system > web > web-logo-enable

[UseWebLogo]

Enables the Web interface to display user-defined text instead of an image (logo).

[0] = (Default) The Web interface displays a logo image, which is configured by the [LogoFileName] parameter.
[1] = The Web interface displays text (instead of an image), which is configured by the [WebLogoText] parameter (see note).

For more information, see Replacing the Corporate Logo.

Note: If you want to display text instead of an image, configure [UseWebLogo] to 1 and make sure that [LogoFileName] is not configured to any value. If [LogoFileName] is configured, it overrides [UseWebLogo] and an image will always be displayed.

configure system > web > web-logo-text

[WebLogoText]

Defines the text that is displayed instead of the logo in the Web interface.

The valid value is a string of up to 15 characters.

For more information, see Replacing the Corporate Logo with Text.

Note: The parameter is applicable only when the [UseWebLogo] parameter is configured to [1].

[LogoFileName]

Defines the name of the image file that you want loaded to the device. This image is displayed as the logo in the Web interface (instead of the AudioCodes logo).

The file name can be up to 47 characters.

For more information, see Replacing the Corporate Logo with an Image.

Notes:

The image file type can be one of the following: GIF, PNG, JPG, or JPEG.
The size of the image file can be up to 64 Kbytes.

[ExternalDocumentsBaseURL]

When the Web interface is set up for private labeling (e.g., non-default logo on toolbar), the parameter enables the Web interface's toolbar to display the icon, which provides a drop-down list of documents that can be referenced.

Add a forward slash ("/") at the end of the parameter's value:

ExternalDocumentsBaseURL = 'https://acredirect.azurewebsites.net/api/'