OpenNMS / NMS-3499

There appears to be no way to restrict access to the AJP port

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.7
    • Fix Version/s: 1.12.7
    • Component/s: Web UI - Admin
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Environment:
      Operating System: Linux
      Platform: PC
    • Bugzilla Id:
      3453

      Description

      Short version: you can presently restrict which hosts can connect to the main jetty port, but there doesn't appear to be a way to restrict which hosts can connect to the AJP port.

      In the opennms.properties file, you can restrict who can access the regular jetty port (default 8980). For example, if you set "org.opennms.netmgt.jetty.host" to be "127.0.0.1", then only local users can connect to the main jetty port.

      In addition, you can turn on AJP support by setting "org.opennms.netmgt.jetty.ajp-port" to a value (default 8981). However, there does not appear to be a way to restrict who can connect to that particular port. It would be very good if either the "jetty.host" setting also applied to the AJP port, or perhaps there could be a separate config variable, with a name like "jetty.ajp-host".

      From a quick glance at the source code, it appears it wouldn't be too difficult to add this functionality, once you make a decision as to what the variable should be called. But I don't have a great deal of knowledge about either OpenNMS or Java, so I could be missing something.
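The following configuration audit is an added example, not part of the original report and not OpenNMS code. It reads the two property names quoted in the description from `opennms.properties` text and flags an enabled AJP port, which on the affected version the report says `jetty.host` does not restrict; the function names and the sample file content are constructed for illustration.

```python
import ipaddress

# Property names as quoted in the report.
HOST_KEY = "org.opennms.netmgt.jetty.host"
AJP_KEY = "org.opennms.netmgt.jetty.ajp-port"

# Constructed sample: HTTP bound to loopback, AJP enabled.
SAMPLE = """\
# web UI listener
org.opennms.netmgt.jetty.host = 127.0.0.1
org.opennms.netmgt.jetty.ajp-port = 8981
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, '#'/'!' comments.
    Line continuations and escapes are not handled (not needed for these keys)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if cuts:
            idx = min(cuts)  # first separator wins, so "host=::1" parses correctly
            props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unset, wildcard, or a hostname we cannot classify

def audit_jetty_exposure(text):
    """Return a list of findings for the Jetty HTTP and AJP listeners."""
    props = parse_properties(text)
    findings = []
    host = props.get(HOST_KEY, "")
    if not is_loopback(host):
        findings.append(f"HTTP: {HOST_KEY} is {host or 'unset'}; not bound to a loopback address")
    ajp = props.get(AJP_KEY, "")
    if ajp:
        findings.append(f"AJP: port {ajp} is enabled and {HOST_KEY} does not cover it "
                        "on the affected version; restrict it with a host firewall rule")
    return findings
```

Run `audit_jetty_exposure(open("opennms.properties").read())` against a real file; an empty list means the HTTP listener is loopback-only and AJP is disabled.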


            People

            • Assignee:
              ranger Benjamin Reed
              Reporter:
              ade@psg.com Adrian Miranda
            • Votes:
              0
              Watchers:
              1
