Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

mod_rewrite blocking jboss web-console

Posted on 2012-08-21
11
Medium Priority
?
525 Views
Last Modified: 2012-09-05
I would like to block the following

https://IPorName/web-console/serverinfo.jsp

I thought the following would work..

RewriteCond %{QUERY_STRING} (^|&)serverinfo.jsp(&|$)
RewriteRule ^web-console/severinfo.jsp$ - [F]

Am I missing something?

Cheers
0
Comment
Question by:hdaz
  • 5
  • 4
  • 2
11 Comments
 
LVL 26

Expert Comment

by:arober11
ID: 38317087
Just the following will do what you ask.

RewriteRule web-console/severinfo.jsp - [F,L]

Open in new window

0
 
LVL 1

Author Comment

by:hdaz
ID: 38317377
Hi arober11 I have added the rule and restarted and it still allows me to the page?

Any ideas?

Thanks
0
 
LVL 9

Expert Comment

by:Erdinç Güngör Çorbacı
ID: 38320248
For https consider this usage;

RewriteCond %{HTTPS} on
# RewriteCond %{QUERY_STRING} (^|&)serverinfo.jsp(&|$) #you may try escaping this line
RewriteRule ^web-console/severinfo.jsp$ - [F]
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 26

Expert Comment

by:arober11
ID: 38325123
Where have you placed the rule?

Are there any rules or proxy statements before this rule?
0
 
LVL 9

Expert Comment

by:Erdinç Güngör Çorbacı
ID: 38327518
you can use this rule in the .htaccess file at root folder.

I showed the gerenic usage according to your question. If you need any other proxy ort port definitions just give us more information about them.
0
 
LVL 1

Author Comment

by:hdaz
ID: 38332872
Hi thanks for the replies, I can't try anything for a while.. not to well at the moment..
0
 
LVL 1

Author Comment

by:hdaz
ID: 38363648
Hi Sorry for the delay,

This is what I am putting within httpd.conf and/or ssl.conf

RewriteEngine on
RewriteLogLevel 0
RewriteCond %{HTTPS} on
RewriteRule ^web-console/severinfo.jsp$ - [F]
....
also tried

RewriteEngine on
RewriteLogLevel 0
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} (^|&)web-console(&|$)
RewriteRule ^web-console/severinfo.jsp$ - [F]
....

Then restarting with /pathTO/httpd -f /pathTO/httpd.conf -k restart

Yet when I go to IP/web-console/ServerInfo.jsp it is still accessable...??
0
 
LVL 26

Expert Comment

by:arober11
ID: 38363945
You still haven't indicated if there are any ProxyPass entries in your config.

Note: Mod_Proxy takes precedence over mod_rewrite,  so if your using a ProxyPass directive to pass traffic on to JBoss you'll also need to replace the existing line with the equivalent RewriteRule e.g.

RewriteRule /web-console/   http://xxx.yyy.zzz:8080/web-console/   [p]
0
 
LVL 1

Author Comment

by:hdaz
ID: 38365765
Hi Arober11,

Oh sorry using mod_jk like this ??

RewriteEngine on
RewriteLogLevel 0
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} (^|&)web-console(&|$)
RewriteRule /web-console/   http://xxx.yyy.zzz:8080/web-console/   [p]
RewriteRule ^web-console/severinfo.jsp$ - [F]

cheers hdaz
0
 
LVL 26

Accepted Solution

by:
arober11 earned 2000 total points
ID: 38366169
Ok, so locate you JkMount entry and add the following 3 lines immediately after it.

JkMount  /web-console/     XXXXXXXXX
# New Lines
JkUnMount  /web-console/serverinfo.jsp
RewriteEngine on
RewriteRule  /web-console/severinfo.jsp - [F,L]

Open in new window

0
 
LVL 1

Author Comment

by:hdaz
ID: 38367651
Thanks very much arober11,

It seems I dont need to do anything with RewriteEngine and just JkUnMount from mod_jk.apache.conf

i.e.
JkUnMount /web-console/* ajp13

Thanks for the help, guess I was looking in the wrong place.
hdaz
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
What You Need to Know when Searching for a Webhost Provider
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses
Course of the Month11 days, 6 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question