Although the ping servlet is useful for remote debugging, it might reveal sensitive server information. To protect sensitive information, you can enable access for the servlet by using both basic HTTP authentication and client network address filtering. After you enable access to the ping servlet, you can check the status of the application.
The ping servlet security feature is enabled in Focal Point® 6.5.1 and later.
Procedure
1 To configure the HTTP basic authentication role, in the application server, assign the ping role:
Web server
Complete the following step
Tomcat
Create a user with the ping role.
If you are using the Tomcat server that is provided with Focal Point®, provide an encrypted password for the ping user role in the tomcat-users.xml file that is in this folder:
Map the ping security role to the users or groups.
For more information about assigning the ping role in your web server, see the web server’s documentation.
2 In Focal Point®, specify the client network address that can access the ping servlet option:
▪ From the User menu, click Administration and then click Advanced.
▪ Click Application, and then click Security.
▪ Click the edit icon for Networks With Access to the Ping Servlet, and then specify the range of network addresses by using CIDR notation. Use commas or semicolons to separate the addresses. Both IPv4 and IPv6 network addresses are supported.
Restrictions:
▪ By default, only localhost (127.0.0.1/32 or ::1/128) is allowed.
▪ If the configuration involves a load balancer or another proxy, the address of that proxy must be within one of the configured network address ranges.