Tomcat Security on DMZ, restrict admin page access Follow
Delete Admin/Manager apps of tomcat
Delete the following folders to disable the web interface of tomcat:
<tomcat>\webapps\ROOT
<tomcat>\webapps\manager
<tomcat>\webapps\host-manager
<tomcat>\webapps\examples
<tomcat>\webapps\docs
Allow access to ServiceManager admin UI from internal IPs only
Modify web.xml on your tomcat server's ServiceManager folder:
<tomcat folder>\webapps\ServiceManager\WEB-INF\web.xml
Add the following:
<filter>
<filter-name>Remote Address Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name> <!-- or deny -->
<param-value>10\.0\.2\..*</param-value> <!-- regexp for your ip addresses -->
</init-param>
</filter>
<filter-mapping>
<filter-name>Remote Address Filter</filter-name>
<url-pattern>/www/auraplayer/index.html</url-pattern>
</filter-mapping>
Secure AuraPlayer's internal API
Protect AuraPlayer's Internal APIs:
https://auraplayer.zendesk.com/hc/en-us/articles/115005076473-ServiceManager-API-Protection
Comments
0 comments
Article is closed for comments.