- 3,733,811 Users
- 2,246,823 Discussions
- 7,856,882 Comments
Forum Stats
Discussions
Howdy, Stranger!
Categories
- 17.8K All Categories
- 3.3K Industry Applications
- 3.2K Intelligent Advisor
- 57 Insurance
- 533.2K On-Premises Infrastructure
- 137.3K Analytics Software
- 38.5K Application Development Software
- 5.1K Cloud Platform
- 109K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 70.7K Infrastructure Software
- 105K Integration
- 41.5K Security Software
Secure public facing weblogic server
I realize that securing a public facing server is an oxymoron. With that said, we are on PeopleTools 8.54 and have a Weblogic server on Windows Server 2016 that will be exposed to the internet allowing consultants to enter payment requests. I have gone through the hardening documentation so all good there. We have F5 configured but the ASM is way outside of our budget. Any suggestions of what I can do to further secure this server on a budget? I have looked through open source ASM and none seem to support weblogic.
Answers
-
# F5 iRule can be used to filter and allow only legit PSFT servlets request to passthrough by using url whitelisting patterns, that can be found in the PIA weblogic accesslog . e.g. allow only /psp/.. /psc/../cs/ patterns as incoming urls
An front end Apache mod_rewrite, can do the same task as the F5 iRule
# Also disable the weblogic console or just firewall the port to this console (move the port to console to different than https port)
# Of course disable the http port and set the weblogic cookie to be set secure
