Help Central | G5 Cyber Security
Security Hardening
TNS Best Practices Jetty 9 v1.0.0

- Management IP - .htacess exists

Gavin M. Dennis

22 April 2022 02:39

Details

A dedicated management IP should be configured

Avoid Unauthorized user access to the server

Solution

create .htaccess file in the root directory of your web application. Find in $jetty_home/contexts xml file, which corresponds to the name of your Jetty web application (test.xml in our case) and protect access to your application by HTAccessHandler, that uses the .htaccess policy file.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CSCv6|3.1

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

- Management IP - .htacess exists
- Management IP - review $jetty_home/contexts xml file
access Control - JAAS
access Control - security Realms
Authentication
configure log file size limit - org.eclipse.jetty.server.handler.RequestLogHandler
configure log file size limit - Settings
Encryption
Information Leakage
Remove extraneous files and directories - $JETTY_BASE/webapps/balancer