Respected Contributor.

GW Webacc Base URL

A concern has been raised about the fact that one can see the basic SLES (probably Tomcat) web server page on the webaccess server, if you remove the gw/webacc part of the URL.

Since this page displays the version of SLES, etc., someone in my company believes this to be a security issue.

I'm in the middle of redesigning the entire GW and File Server Infrastructure, and I don't believe that this is much of a priority; I want to be sure something I think of as minor is not a major issue.

So, on the off chance that this IS a major security hole that I am not aware of, I am asking you all if this is an issue.

I've often wondered about Best Practices around obscuring the (to me) needlessly long www.example.com/gw/webacc's lower folder structure and I didn't find good answers to this when I did my initial look upon arriving at this company. Neither did any of the previous admins.

So, is there a way to address this? Is this something to be concerned about? Does anyone else have this issue?

Knowledge Partner

Re: GW Webacc Base URL

I think that's easy to handle (and maybe will be handled by default depending on your installation).

If someone omits /gw or /gw/webacc you can forward him to /gw/webacc directly. So there should be no accessible page without /gw/webacc.

If you use a (reverse) proxy before it's even easier or more secure.

Diethmar Rimser
Super Contributor.

Re: GW Webacc Base URL

The redirect is something I have used from the start to protect that information from being unintentionally displayed.

 

Val

Knowledge Partner

Re: GW Webacc Base URL

Yes, that's the way to do it. There were some TIDs many years ago when the new webaccess link was introduced!

Diethmar Rimser
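
To confirm that the redirect described in the replies is in place, the following check (an added example, not part of the thread and not Micro Focus code) audits responses for paths above /gw/webacc and flags any that are served directly or that disclose a version string. The sample responses, version numbers, and the `VERSION_RE` pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

TARGET = "/gw/webacc"            # application path named in the thread
REDIRECTS = {301, 302, 303, 307, 308}
# Assumed pattern for product/version strings a default page or banner may reveal
VERSION_RE = re.compile(r"(SUSE|SLES|Apache|Tomcat)[^\d<]{0,40}\d+(\.\d+)*", re.I)

def audit(path, status, headers, body):
    """Return findings for one response to a request for `path`."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if not path.rstrip("/").startswith(TARGET):
        # Anything above the application path should only ever redirect to it
        location = urlsplit(hdrs.get("location", "")).path
        if status not in REDIRECTS:
            findings.append(f"{path}: served directly (status {status})")
        elif not location.startswith(TARGET):
            findings.append(f"{path}: redirects to {location or '?'}")
    for where, text in (("Server header", hdrs.get("server", "")), ("body", body)):
        match = VERSION_RE.search(text)
        if match:
            findings.append(f"{path}: {where} discloses '{match.group(0)}'")
    return findings

# Constructed sample responses (not captured from a real server)
SAMPLES = [
    ("/", 200, {"Server": "Apache/2.4.23 (Linux/SUSE)"},
     "<h1>It works!</h1><p>SUSE Linux Enterprise Server 12</p>"),
    ("/gw", 302, {"Location": "/gw/webacc", "Server": "Apache"}, ""),
    ("/gw/webacc", 200, {"Server": "Apache"}, "<title>GroupWise WebAccess</title>"),
]

def audit_all(samples):
    """Flatten the findings for every (path, status, headers, body) sample."""
    return [f for sample in samples for f in audit(*sample)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print(finding)
```

Feed `audit` the status, headers, and body your own server returns for `/`, `/gw`, and `/gw/webacc`; an empty result for all three means the base URL no longer exposes the default page.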