[Pki-users] locking down specific URL's on port 8080

Paul Robert Marino prmarino1 at gmail.com
Thu Jun 5 20:32:11 UTC 2014


I figured it out.
In case anyone is curious:
I had to create 3 filters and filter-mapping sections, one for each
URL. Then I had to start it from /ee/ca/; notice I left the first /ca
prefix off.

I had to add whitespace in the url-pattern tags, like so:
"<url-pattern> /ee/ca/profileSelect </url-pattern>"



Finally, I had to put it in /var/lib/pki/pki-tomcat/ca/webapps/ca/WEB-INF/web.xml



On Thu, Jun 5, 2014 at 1:40 PM, Paul Robert Marino <prmarino1 at gmail.com> wrote:
> Hello,
> I am currently working on a new Dogtag PKI 10 install. I realized,
> though, there are 3 URLs that concern me and I would like to prevent
> public access to them. They are
> http://<FQDN>:8080/ca/ee/ca/profileSelect?profileId=<profiletypehere>,
> http://<FQDN>:8080, and http://<FQDN>:8080/ca/ee/ca/profileList
>
> I'm looking at a method mentioned here
> http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
>
> I've tried putting a rule into /etc/pki/pki-tomcat/web.xml like so
> "
> <filter>
>   <filter-name>Remote Address Filter</filter-name>
>   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
>   <init-param>
>     <param-name>allow</param-name>
>     <param-value>192\.168\.100\.\d+|192\.168\.200\.\d+</param-value>
>   </init-param>
> </filter>
> <filter-mapping>
>   <filter-name>Remote Address Filter</filter-name>
>   <url-pattern>/ca/ee/ca/profileSelect*|/ca/ee/ca/profileSubmit*|/ca/ee/ca/profileList</url-pattern>
> </filter-mapping>
> "
> Note: I've changed the subnets; those are not the real ones I used in my
> configuration.
> Unfortunately it doesn't seem to be working.
>
> Does anyone have any pointers for me or an example of what they have
> used for this?
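
The fix described in the reply at the top of this message, written out as a web.xml fragment. This is an added example, not the poster's actual configuration: the filter names are hypothetical, the allow ranges are the placeholder subnets from the quoted attempt, and the three paths are taken from that attempt with the leading /ca removed (the post does not list which three were finally used).

```xml
<!-- Added example: goes inside <web-app> in
     /var/lib/pki/pki-tomcat/ca/webapps/ca/WEB-INF/web.xml.
     Servlet url-pattern values are literal paths relative to the webapp
     context, so "/ca" is dropped, and "|" is not an alternation operator:
     each path gets its own mapping. The query string (?profileId=...) is
     not part of the match. Padding inside url-pattern follows the post. -->
<filter>
  <filter-name>EE profileSelect address filter</filter-name> <!-- hypothetical name -->
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>192\.168\.100\.\d+|192\.168\.200\.\d+</param-value> <!-- placeholder subnets -->
  </init-param>
</filter>
<filter-mapping>
  <filter-name>EE profileSelect address filter</filter-name>
  <url-pattern> /ee/ca/profileSelect </url-pattern>
</filter-mapping>

<filter>
  <filter-name>EE profileSubmit address filter</filter-name> <!-- hypothetical name -->
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>192\.168\.100\.\d+|192\.168\.200\.\d+</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>EE profileSubmit address filter</filter-name>
  <url-pattern> /ee/ca/profileSubmit </url-pattern>
</filter-mapping>

<filter>
  <filter-name>EE profileList address filter</filter-name> <!-- hypothetical name -->
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>192\.168\.100\.\d+|192\.168\.200\.\d+</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>EE profileList address filter</filter-name>
  <url-pattern> /ee/ca/profileList </url-pattern>
</filter-mapping>
```

After restarting the instance, a request to one of these paths from an address outside the allow pattern should be answered with HTTP 403, which is RemoteAddrFilter's default deny status.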



