I have TAM E-SSO 8.1 FP4 installed. In the IMS Configuration Utility from the console (https://servername:9443/webconf) I have configured that the IMS AccessAdmin webpage is accessible (Allow form-based login to AccessAdmin from remote machine), like https://servername/admin
However what I do not want, is that the IMS Configuration Utility is also accessbile from remote machines on port 443 (https://servername/webconf), which it is now.
How can I prevent that?
This topic has been locked.
7 replies Latest Post - 2012-04-27T21:33:53Z by jtoma
Pinned topic Prevent webaccess to IMS Configuration Utility on port 443
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-04-27T21:33:53Z at 2012-04-27T21:33:53Z by jtoma
Re: Prevent webaccess to IMS Configuration Utility on port 4432012-04-13T22:22:53Z in response to SystemAdminIf you enable application security in Websphere ISC (Security -> Global Security -> Check the box for "Enable application security" -> Apply - > Save.
Restart Websphere and now when you try to get to the IMS configuration utility, you will be prompted for Websphere credentials. Use the Websphere credentials that you use to login to ISC to gain access to the web configurator.
Re: Prevent webaccess to IMS Configuration Utility on port 4432012-04-14T06:21:56Z in response to jtomaHi, application seurity is already enabled for me. But that does not prevent that the IMS Config Wizard is accessible on everyworkstation on https (port 443). Yes, you do need wasadmin credentials to logon, but I want to prevent that the IMS Config even is shown.
So can it be accessible only throught port 9043 / 9443 for instance? In that way, you will need to logon to the Windows Server first (RDP) to be able to access the IMS Config.
HomerJSimpson 270003289F11 PostsACCEPTED ANSWER
Re: Prevent webaccess to IMS Configuration Utility on port 4432012-04-16T14:52:57Z in response to SystemAdminIn order to prevent /webconf from being accessible via normal HTTP/HTTPS port(s), you need to make sure you haven't mapped the modules for this app to your webserver (or configured your WAS Server (Deployment Manager) to listen on the ports 80/443).
Login to WAS admin console and navigate to:
Applications > Application Type > WebSphere Enterprise Applications
Select the IMSConfig application (names are different depending on version of IMS).
Click on 'Manage Modules' (in the 'Modules' section)
In the Module table, you'd want to see if any module is mapped to your webserver (would be listed in the "Server" column.
If so, select the module(s) and remap them to just your appserver (if single server env) or your cluster (if a clustered env).
Save your settings.
(sync your nodes if this is a cluster)
regenerate/propogate your webserver plugin
and restart your app/webservers
Re: Prevent webaccess to IMS Configuration Utility on port 4432012-04-20T23:01:44Z in response to HomerJSimpsonNote that the suggestion provided above should only be used on 8.2. In 8.1, if the TAMESSOIMS application is removed from the webserver mapping, this affects the entire IMS functionality. The IMSConfig application was only separated starting in v8.2.
Re: Prevent webaccess to IMS Configuration Utility on port 4432012-04-21T06:13:34Z in response to jtomaThis is true, in 8.2 it is seperated. But in 8.1 there is a IMS WebConfig in the Modules.
I have remapped that one only to the server (and not the webserver) and it seemed that it did the job.