[Pki-users] locking down specific URL's on port 8080
Paul Robert Marino
prmarino1 at gmail.com
Thu Jun 5 17:40:46 UTC 2014
Hello,
I am currently working on a new Dogtag PKI 10 install. I realized,
though, that there are 3 URLs that concern me, and I would like to prevent
public access to them. They are
http://<FQDN>:8080/ca/ee/ca/profileSelect?profileId=<profiletypehere>,
http://<FQDN>:8080, and http://<FQDN>:8080/ca/ee/ca/profileList
I'm looking at a method mentioned here:
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
I've tried putting a rule into /etc/pki/pki-tomcat/web.xml like so:
"
<filter>
  <filter-name>Remote Address Filter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>192\.168\.100\.\d+|192\.168\.200\.\d+</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Remote Address Filter</filter-name>
  <url-pattern>/ca/ee/ca/profileSelect*|/ca/ee/ca/profileSubmit*|/ca/ee/ca/profileList</url-pattern>
</filter-mapping>
"
Note: I've changed the subnets; those are not the real ones I used in my
configuration.
Unfortunately it doesn't seem to be working.
Does anyone have any pointers for me or an example of what they have
used for this?
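
An added example, not part of the original post and not Dogtag's own configuration: the same filter with a mapping that follows the Servlet url-pattern rules. A url-pattern is not a regular expression, so the single pattern posted above is treated as one literal path that no request matches; patterns are also matched relative to the webapp's context path, which is assumed here to be /ca, as the URLs in the post suggest.

```xml
<!-- Added example. Subnets are the placeholder ones from the post.
     Assumption: the CA webapp is deployed at context path /ca, so the
     request path seen by the filter mapping starts at /ee/... -->
<filter>
  <filter-name>Remote Address Filter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <!-- "allow" IS a regular expression (java.util.regex) and must match
         the whole client address, so "|" alternation is valid here. -->
    <param-value>192\.168\.100\.\d+|192\.168\.200\.\d+</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Remote Address Filter</filter-name>
  <!-- url-pattern is NOT a regular expression:
       * no "|" alternation; use one <url-pattern> element per path
       * "*" is a wildcard only as a trailing "/*" or a leading "*."
       * the query string (?profileId=...) takes no part in matching
       * the path is relative to the context, so /ca is left off -->
  <url-pattern>/ee/ca/profileSelect</url-pattern>
  <url-pattern>/ee/ca/profileSubmit</url-pattern>
  <url-pattern>/ee/ca/profileList</url-pattern>
</filter-mapping>
```

With this mapping, a request to one of the three paths from an address outside the allow pattern is answered with 403, RemoteAddrFilter's default denial status.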