Chris,
> As others have mentioned, I wouldn't give this too much thought:
> someone is scanning you for vulnerabilities. I'll bet if you log the
> full headers of those requests, you'll see something like
> "admin/admin" or "scott/tiger" in the WWW-Authenticate headers. Just
> someone knocking on your door to see if the latch works. Can you
> mostly ignore them.

Nice analogy, and definitely, I can ignore and have been ignoring them. Just thought I might ask the list and see if my current securing-Tomcat approach is common and/or sufficient. :)

> On the other hand, I wonder why you are seeing these requests in your
> Tomcat logs, since you:
>
> > I mentioned earlier that I removed the manager apps. The server is
> > behind a firewall router, port 8080 is port-forwarded from the
> > router to the server, the web app has login page (and login
> > servlet/filter in place), but SSL is not configured just yet. That
> > is definitely on my to-do list to complete, ASAP, as the CEO has
> > given me the go-ahead.
>
> Are you not filtering by URL anywhere?

Good question. Not filtering any IP addresses at the firewall level, and really don't have a need unless some really serious, harmful infiltration occurred. Looking at the localhost access logs, I am able to develop a reliable list of IP addresses to add to a 'safe list', but I have not found that necessary to do... just yet.

> If you don't expect anyone in Asia to be legitimately accessing your
> site, you could do something drastic like close your site to some CIDR
> pattern that blocks all that stuff.

Interesting. Earlier, Chuck mentioned "GIYF", and I agreed on that point, and that would be my first step if I needed to learn a bit more about CIDR. :)

> On the other hand, we actually have some customers in China and blocking
> them is neither acceptable nor necessary.

Agreed, and I am satisfied with the current configuration I have in place to 'block China'... and others. :)

> It's just log noise.

Log noise = details, and I love details, and I'm loving my Tomcat (TomEE) experience. Learning a lot more 'here', on a higher level, while using Tomcat/TomEE. I was amazed, when I saw the logs folder, at the different log files available by default. I didn't have all that when I was using GlassFish. Okay okay, NetBeans/GlassFish (reference implementation) helped me learn Java EE and JSF, and helped me develop Java, Java EE, and JSF (web) applications. Now, Tomcat/TomEE is allowing me to have an app that performs well, etc., and life, deploying app-or-software updates, is much more endurable, with no need for any 'patience', since Tomcat starts sooo fast. Plenty of good to say about Tomcat/TomEE... I'm getting off-topic here. Haha :)

Thanks,

Howard
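The thread touches two things a Tomcat admin would want to do with the localhost access log: tell scanner noise (requests for `/manager`, `/host-manager` and similar paths that no longer exist) apart from real users, and reason about whether a CIDR-based block would also catch legitimate customers. The script below is an added illustration, not code from the list thread or from Tomcat itself. It assumes the access log is written with the AccessLogValve `common` pattern (`%h %l %u %t "%r" %s %b`); the log lines, the probe-path prefixes and the allow/deny CIDR lists are all constructed for the example, using RFC 5737 documentation addresses rather than real hosts.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in Tomcat AccessLogValve "common" format.
# Addresses come from the RFC 5737 documentation ranges; nothing here is a real host.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:36 -0700] "GET /manager/html HTTP/1.1" 404 -
203.0.113.7 - - [10/Oct/2013:13:55:37 -0700] "GET /host-manager/html HTTP/1.1" 404 -
203.0.113.7 - - [10/Oct/2013:13:55:38 -0700] "GET /phpmyadmin/ HTTP/1.1" 404 -
198.51.100.12 - - [10/Oct/2013:13:56:01 -0700] "GET /myapp/login.xhtml HTTP/1.1" 200 4312
198.51.100.12 - - [10/Oct/2013:13:56:05 -0700] "POST /myapp/j_security_check HTTP/1.1" 302 -
192.0.2.44 - - [10/Oct/2013:13:57:10 -0700] "GET /myapp/login.xhtml HTTP/1.1" 200 4312
"""

# %h %l %u %t "%r" %s %b  -> host, ident, user, timestamp, request line, status, bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Paths that exist on a default install and that scanners try first (constructed list;
# the manager apps were removed on the server in the thread, so these only ever 404).
PROBE_PREFIXES = ("/manager", "/host-manager", "/phpmyadmin", "/cgi-bin")


def parse_access_log(text):
    """Parse 'common' format lines into dicts; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        method, _, rest = m.group("request").partition(" ")
        path = rest.split(" ")[0] if rest else ""
        entries.append({
            "host": m.group("host"),
            "method": method,
            "path": path,
            "status": int(m.group("status")),
        })
    return entries


def probe_summary(entries):
    """Count, per client address, requests for paths only a scanner would ask for."""
    counts = Counter()
    for e in entries:
        if e["path"].startswith(PROBE_PREFIXES):
            counts[e["host"]] += 1
    return dict(counts)


def classify(host, allow_cidrs, deny_cidrs):
    """Decide allow/deny for one address.

    The allow list is checked first, so a known customer sitting inside a large
    denied block (the 'customers in China' case from the thread) still gets in.
    An address matching neither list is allowed, i.e. this is deny-list mode.
    """
    addr = ip_address(host)
    if any(addr in ip_network(c) for c in allow_cidrs):
        return "allow"
    if any(addr in ip_network(c) for c in deny_cidrs):
        return "deny"
    return "allow"


if __name__ == "__main__":
    entries = parse_access_log(SAMPLE_LOG)
    print("probe requests per client:", probe_summary(entries))
    # Constructed policy: block one /24, but carve out a single customer address in it.
    allow = ["203.0.113.50/32"]
    deny = ["203.0.113.0/24"]
    for e in entries:
        print(e["host"], e["path"], "->", classify(e["host"], allow, deny))
```

The same allow-before-deny evaluation is what Tomcat's own `RemoteCIDRValve` (or the regex-based `RemoteAddrValve`) performs when configured in `server.xml` or a context file with `allow` and `deny` attributes, so the script is mainly useful for dry-running a candidate policy against a day of logs before turning it on, and for confirming that the hosts generating `/manager` 404s are not the same hosts that later log in successfully.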