Summary
Question
Answer
Certain URLs exposed by the Operations Orchestration application are susceptible to DDoS attacks.
The URLs return information that can potentially be used to construct a DDoS attack, but only if the user is logged in.
Response:
1. Stop the Central service
2. Open <OO_INSTALLATION>\central\tomcat\webapps\oo\WEB-INF\web.xml
3. Locate the following XML block:
<servlet>
<servlet-name>jminix</servlet-name>
<servlet-class>org.jminix.console.servlet.MiniConsoleServlet</servlet-class>
</servlet>
4. Surround it with XML comments like this:
<!--
<servlet>
<servlet-name>jminix</servlet-name>
<servlet-class>org.jminix.console.servlet.MiniConsoleServlet</servlet-class>
</servlet>
-->
5. Locate the following XML block:
<servlet-mapping>
<servlet-name>jminix</servlet-name>
<url-pattern>/jminix/*</url-pattern>
</servlet-mapping>
6. Surround it with XML comments like this:
<!--
<servlet-mapping>
<servlet-name>jminix</servlet-name>
<url-pattern>/jminix/*</url-pattern>
</servlet-mapping>
-->
7. Save the file and start the Central service
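
To confirm the edit in steps 3 to 6 took effect, the check below parses a web.xml and reports any jminix servlet or servlet-mapping that is still active. It is an added example, not part of the original article or the product; the descriptor skeleton, the "other" servlet and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SERVLET_NAME = "jminix"  # servlet-name from the web.xml blocks in the steps above
SERVLET = ("<servlet>\n<servlet-name>jminix</servlet-name>\n"
           "<servlet-class>org.jminix.console.servlet.MiniConsoleServlet"
           "</servlet-class>\n</servlet>")
MAPPING = ("<servlet-mapping>\n<servlet-name>jminix</servlet-name>\n"
           "<url-pattern>/jminix/*</url-pattern>\n</servlet-mapping>")
# Constructed skeleton; the "other" servlet is a hypothetical placeholder.
TEMPLATE = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee">\n'
            "<servlet><servlet-name>other</servlet-name>"
            "<servlet-class>example.Other</servlet-class></servlet>\n"
            "{servlet}\n{mapping}\n</web-app>")


def sample(servlet_commented, mapping_commented):
    """Build a constructed web.xml with each jminix block live or commented out."""
    wrap = lambda block, off: "<!--\n" + block + "\n-->" if off else block
    return TEMPLATE.format(servlet=wrap(SERVLET, servlet_commented),
                           mapping=wrap(MAPPING, mapping_commented))


def local_name(tag):
    """Strip an XML namespace so '{ns}servlet' compares equal to 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def active_jminix_entries(web_xml_text):
    """Return (element, detail) pairs for jminix entries that are still live.

    ElementTree's default parser discards comments, so a block wrapped in
    <!-- ... --> is absent from the tree. A malformed edit (for example an
    unclosed comment) raises ET.ParseError instead of passing silently.
    """
    found = []
    for elem in ET.fromstring(web_xml_text).iter():
        kind = local_name(elem.tag)
        if kind not in ("servlet", "servlet-mapping"):
            continue
        fields = {local_name(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("servlet-name") == SERVLET_NAME:
            found.append((kind, fields.get("servlet-class")
                          or fields.get("url-pattern", "")))
    return found


if __name__ == "__main__":
    for label, doc in (("before", sample(False, False)),
                       ("steps 3-4 only", sample(True, False)),
                       ("after step 6", sample(True, True))):
        print(label, active_jminix_entries(doc))
```

An empty result means neither jminix block is active; to check a real installation, pass the text of the edited web.xml to active_jminix_entries.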