
Restrict passhash from being used for web login?

Votes:

0

I plan to use API calls to pause a sensor when a machine reboots to apply updates. However, I discovered the passhash can be used to access the WebUI, e.g.: "https://example.com/?username=apiuser&passhash=1234567890".

This is a problem. I can't hide the hash from local admins on those servers, but I don't want them to be able to gain access to the WebUI. I found some posts on this board that indicate the hash should not work for the web interface. Is this a bug?

https://kb.paessler.com/en/topic/77509-using-http-api-without-putting-credentials-in-the-path

https://kb.paessler.com/en/topic/89434-login-interactively-to-portal-via-passhash

Thanks

api passhash webui

Created on Aug 10, 2021 5:36:57 PM



1 Reply

Votes:

0

Hello,

Thank you for your message.

As mentioned in the second KB article, call-based authentication is possible (with passhash) and I'm afraid that there is no option to disable it.

Therefore, I invite you to open a feature request for it by following our guideline here: https://kb.paessler.com/en/topic/79245-how-can-i-propose-new-features-or-sensors-for-prtg

If you have questions, let us know.

Regards.

Created on Aug 11, 2021 7:57:44 AM by Florian Lesage [Paessler Support]
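Since the reply confirms that passhash authentication cannot be switched off, one compensating check is to watch for the API account's passhash being presented anywhere other than the endpoint the script needs. The following is an added example, not part of the thread and not Paessler's code. It assumes a reverse proxy in front of PRTG that writes common-log-format lines (the sample lines are constructed), an account list in `API_ACCOUNTS`, and that `/api/pause.htm` is the only path the reboot script calls.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (common log format from an assumed reverse proxy).
SAMPLE_LOG = """\
10.0.0.21 - - [10/Aug/2021:17:01:02 +0000] "GET /api/pause.htm?id=2001&action=0&username=apiuser&passhash=1234567890 HTTP/1.1" 200 31
10.0.0.21 - - [10/Aug/2021:17:09:40 +0000] "GET /?username=apiuser&passhash=1234567890 HTTP/1.1" 200 48211
10.0.0.35 - - [10/Aug/2021:17:12:13 +0000] "GET /sensor.htm?id=2001&username=ApiUser&passhash=1234567890 HTTP/1.1" 200 9120
10.0.0.50 - - [10/Aug/2021:17:15:00 +0000] "GET /index.htm HTTP/1.1" 200 5120
"""

API_ACCOUNTS = {"apiuser"}          # script-only accounts (assumption)
ALLOWED_PATHS = {"/api/pause.htm"}  # only endpoint the script needs (assumption)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_passhash_misuse(log_text, accounts=API_ACCOUNTS, allowed=ALLOWED_PATHS):
    """Return requests where a script account's passhash hit a non-API path."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        user = query.get("username", [""])[0].lower()
        if "passhash" not in query or user not in accounts:
            continue
        if url.path not in allowed:
            # Record who/where/when, but never copy the hash into the alert.
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "user": user,
                "path": url.path,
                "status": int(m["status"]),
            })
    return findings


if __name__ == "__main__":
    for f in find_passhash_misuse(SAMPLE_LOG):
        print(f"passhash used outside API: {f}")
```

Because the hash travels in the query string, it also lands in the proxy log itself, so access to that log should be restricted in the same way as the hash.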



