Secure public facing weblogic server

Amy C. Member Posts: 5

I realize that securing a public facing server is an oxymoron. With that said, we are on PeopleTools 8.54 and have a WebLogic server on Windows Server 2016 that will be exposed to the internet, allowing consultants to enter payment requests. I have gone through the hardening documentation, so all good there. We have F5 configured but the ASM is way outside of our budget. Any suggestions of what I can do to further secure this server on a budget? I have looked through open source ASMs and none seem to support WebLogic.

Answers

  • LDC-Oracle Member Posts: 2 Employee

    # An F5 iRule can be used to filter and allow only legit PSFT servlet requests to pass through by using URL whitelisting patterns, which can be found in the PIA WebLogic access log, e.g. allow only /psp/.. /psc/../cs/ patterns as incoming URLs.

    A front-end Apache mod_rewrite can do the same task as the F5 iRule.

    # Also disable the WebLogic console, or just firewall the port to this console (move the console port to one different from the HTTPS port).

    # Of course, disable the HTTP port and set the WebLogic cookie to be secure.
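The allowlist suggested in the answer above can be dry-run against the access log before it is enforced on the F5 or in mod_rewrite. The following is an added example, not code from the post or from Oracle; it assumes the access log is in Common Log Format, and the site name "ps" and component names in the sample lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Prefixes named in the answer; extend them from your own PIA access log.
ALLOWED_PREFIXES = ("/psp/", "/psc/", "/cs/")

# Assumption: the access log uses Common Log Format.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample lines (site name "ps" and component names are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 -0500] "GET /psp/ps/EMPLOYEE/ERP/c/EXAMPLE_MENU.EXAMPLE.GBL HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2024:10:01:05 -0500] "POST /psc/ps/EMPLOYEE/ERP/c/EXAMPLE_MENU.EXAMPLE.GBL?Page=1 HTTP/1.1" 200 812
203.0.113.7 - - [12/Mar/2024:10:01:06 -0500] "GET /cs/ps/cache/example.css HTTP/1.1" 200 900
198.51.100.9 - - [12/Mar/2024:10:02:11 -0500] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3000
198.51.100.9 - - [12/Mar/2024:10:02:12 -0500] "GET /psp/..%2fconsole/ HTTP/1.1" 404 0
"""

def canonical_path(target):
    """Return the decoded, dot-segment-free path, or None if it is malformed."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # peel nested percent-encoding such as %252e
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after three passes: treat as malformed
    if "\\" in path or "\x00" in path or not path.startswith("/"):
        return None
    return posixpath.normpath("/" + path.lstrip("/"))

def is_allowed(target):
    path = canonical_path(target)
    return path is not None and path.startswith(ALLOWED_PREFIXES)

def audit(log_text):
    """Split logged request targets into those the allowlist passes and blocks."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match:
            (allowed if is_allowed(match["target"]) else blocked).append(match["target"])
    return allowed, blocked

if __name__ == "__main__":
    for label, targets in zip(("allowed", "blocked"), audit(SAMPLE_LOG)):
        print(label, *targets, sep="\n  ")
```

Running it over real access log data first shows which legitimate paths fall outside the three prefixes, so they appear in the blocked list before the rule is enforced.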
