Update security instructions for API-M web portals #11249

Open
Rami2212 wants to merge 3 commits into wso2:master from Rami2212:fix-issue-11239-update-security-instructions

@Rami2212

Remove unsupported Management Console access control configuration

Summary

Removed the documentation for restricting access to the Management Console via [admin_console.control_access] configuration, as this feature is no longer supported at the product level.

Problem

The following configuration was documented under the Restricting access to web portals section of the Securing Web Portals page:

[admin_console.control_access]
enable = true
allow = ["IP1", "IP2", "IP3"]

This configuration is no longer functional at the product level, making the documentation misleading and potentially causing confusion for users who attempt to use it.

Changes

  • Removed the bullet point describing how to restrict access to only the Management Console using [admin_console.control_access] in deployment.toml.
  • Removed the associated note explaining the IP allowlist behavior for the Management Console.
  • Updated the introductory sentence of the Restricting access to web portals section to remove the reference to the now-unsupported Management Console-only restriction option.

Affected Pages

Page | Version
Securing Web Portals | All

Type of Change

  • Documentation removal (removing unsupported/incorrect content)

Additional Notes

The remaining access restriction options — controlling access to all web applications via [web_app.control_access] and restricting access to specific servlets via [[servlet_access_control_filter]] — are unaffected and remain documented as before.

Removed detailed instructions for restricting access to the management console and added a note about controlling access to all web applications.
@Rami2212 requested a review from tharikaGitHub as a code owner, April 25, 2026 10:24
Copilot AI review requested due to automatic review settings, April 25, 2026 10:24
@Rami2212 requested a review from chamilaadhi as a code owner, April 25, 2026 10:24
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@coderabbitai

coderabbitai Bot commented Apr 25, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a0268502-03fa-40d6-9347-382a50c045f2

📥 Commits

Reviewing files that changed from the base of the PR and between 852d922 and 514a902.

📒 Files selected for processing (1)
  • en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md

📝 Walkthrough

Documentation Update: Web Portal Access Control

This PR updates the "Securing Web Portals" documentation by removing references to an unsupported configuration option for restricting Management Console access.

Changes Made

  • Removed the [admin_console.control_access] configuration block and its explanatory notes (Management Console–only IP allowlist guidance).
  • Revised the opening sentence of the "Restricting access to web portals" section to omit mention of the Management Console–only option.

What Remains Unchanged

Documentation still covers the supported access-restriction options:

  • [web_app.control_access] — restricts access across all web applications
  • [[servlet_access_control_filter]] — restricts access to specific servlets within web applications

Affected file: en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md
Lines changed: +1/-18

Walkthrough

The PR revises the "Restricting access to web portals" documentation: it removes references to the standalone management console access-control configuration ([admin_console.control_access]) and updates the introductory text to describe restricting access by permitting selected IPs for all web applications via [web_app.control_access]. The change deletes 17 lines and adds 1 line.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name | Status | Explanation | Resolution
Description check | ❓ Inconclusive | The description provides clear purpose, problem statement, specific changes made, and affected pages. However, it does not address most required template sections. | While the core change is well-documented, consider completing key template sections such as Goals, Release notes, and Documentation to ensure consistency with repository standards.
✅ Passed checks (4 passed)
Check name | Status | Explanation
Title check | ✅ Passed | The title accurately reflects the main change: updating security instructions for API-M web portals by removing unsupported Management Console configuration.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.

Copilot AI left a comment

Pull request overview

Removes outdated documentation from the “Securing Web portals” page that described restricting access to the Management Console via an unsupported [admin_console.control_access] configuration.

Changes:

  • Removed the [admin_console.control_access] deployment.toml example and its explanatory note from “Restricting access to web portals”.
  • Adjusted the introduction to the “Restricting access to web portals” section (but it still contains a misleading reference that needs follow-up).

Comment thread en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md Outdated

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md`:
- Line 35: Reword the sentence that currently reads "You can restrict access to
the management console of the API-M runtime by binding the management console
with selected IP addresses." so it no longer implies a standalone
management-console-only IP-binding option; instead explicitly state that access
is controlled via the general web-portal IP-binding/configuration methods
described below (refer to the phrase "restrict access to all web portals" and
the subsequent configuration sections), e.g., replace the sentence with a clear
pointer that management console access is restricted using the same IP-binding
and portal configuration methods documented in the following sections.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e3014ae5-d86d-4aa6-91b5-8e78f798b18f

📥 Commits

Reviewing files that changed from the base of the PR and between bcd2881 and 852d922.

📒 Files selected for processing (1)
  • en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md

Comment thread en/docs/install-and-setup/setup/security/securing-api-m-web-portals.md Outdated
@Saadha123

Contributor

@Rami2212 Please address the suggestion from CodeRabbit and Copilot.

@tharikaGitHub

Member

@Rami2212 shall we resolve the file conflicts as well?

@tharikaGitHub

Member

Hi @Rami2212,

I don't see any file changes in this PR. Will you be able to check and do the needful?

Thanks,
Tharika.
