[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opennms-buglist
Subject:    [Buglist] [Bug 3453] New: there appears to be no way to restrict access to the ajp port
From:       bugzilla () opennms ! org (bugzilla at opennms ! org)
Date:       2009-11-30 18:57:52
Message-ID: bug-3453-627 () http ! bugzilla ! opennms ! org/
[Download RAW message or body]

http://bugzilla.opennms.org/show_bug.cgi?id=3453

           Summary: there appears to be no way to restrict access to the ajp
                    port
           Product: OpenNMS
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: webUI - Admin
        AssignedTo: buglist at opennms.org
        ReportedBy: ade at psg.com


Short version: you can presently restrict which hosts can connect to the main
jetty port, but there doesn't appear to be a way to restrict which hosts can
connect to the AJP port.

In the opennms.properties file, you can restrict who can access the regular
jetty port (default 8980).  For example, if you set
"org.opennms.netmgt.jetty.host" to be "127.0.0.1", then only local users can
connect to the main jetty port.

In addition, you can turn on AJP support by setting
"org.opennms.netmgt.jetty.ajp-port" to a value (default 8981).  However, there
does not appear to be a way to restrict who can connect to that particular
port.  It would be very good if either the "jetty.host" setting also applied to
the AJP port, or perhaps there could be a separate config variable, with a name
like "jetty.ajp-host".


[prev in list] [next in list] [prev in thread] [next in thread]