0

I need to disable Apache JServ protocol service in WebLogic server. Because it's not recommended to have AJP services publicly accessible on the internet. If AJP is misconfigured it could allow an attacker to access to internal resources.

I have found this question, but it has only instruction for Tomcat. So i need information how can i do it in Weblogic.

iChrome
  • 443
  • 1
  • 6
  • 24
  • WebLogic Server does not use Apache JServ protocol. – Emmanuel Collin Feb 07 '18 at 08:29
  • @EmmanuelCollin It's pretty strange, because i got security report which says that the AJP service is running on TCP port 8009. I used 'netstat' and see that some process uses 8009 port. Maybe Jserv protocol was added via some plugin? – iChrome Feb 07 '18 at 08:37
  • You should have another application server (tomcat ?) listening to port 8009. WebLogic does not use this port by default. WebLogic uses only HTTP and T3 protocols. – Emmanuel Collin Feb 07 '18 at 10:57

0 Answers0