Issue
- SOAP service list API found at http://[host]:[port]/api/axis is exposed to external guest users even with it configured to display locally only.
- The following property is set in portal-ext.properties:
axis.servlet.hosts.allowed=127.0.0.1
Environment
- DXP 7.2, DXP 7.1
Resolution
- To prevent external access, typically we would recommend a block at the web server tier.
- For the SOAP service list, remove 127.0.0.1 from
axis.servlet.hosts.allowedproperty, as it allows Apache to expose the API even in non-local environments.
Additional Information
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In