Issue
- SOAP service list API found at http://[host]:[port]/api/axis is exposed to external guest users even with it configured to display locally only.
- The following property is set in portal-ext.properties:
axis.servlet.hosts.allowed=127.0.0.1
Environment
- DXP 7.2, DXP 7.1
Resolution
- To prevent external access, typically we would recommend a block at the web server tier.
- For the SOAP service list, remove 127.0.0.1 from
axis.servlet.hosts.allowedproperty, as it allows Apache to expose the API even in non-local environments.
Additional Information
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar