Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTTP Request Forwarding (Web Proxy) Detected

 
Sumedh Kakde
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,


I am using JBoss Version: jboss-5.1.0.GA.

I want to disable the HTTP Request Forwarding (Web Proxy) capability.

Right now Web Proxy may be enabled in the Jboss.

I want to know is there any way to disable the same.

Because of Web Proxy, any malicious attacker can attack other sites using Jboss server.

So that server may be vulnerable for Man in the Middle attack.

The server is scanned with IBM Security AppScan. It is giving the above vulnerability error.

Through JBoss server it is able to access external sites.



The same with Apache can be achieved with ProxyRequests off direcctive.

But, in our case , we are not using Apache web server. It is a standalone Jboss server.



Please suggest the solution to disable HTTP request forwarding.



Thanks,
Sumedh
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic