Details
Limit access to the web administration application to only those with a justified need.
Rationale:
Limiting access to the least privilege will ensure only those people with justified need will have access to a resource. The web administration application should be limited to only administrators.
Solution
For the administration application, edit $CATALINA_HOME/conf/server.xml and uncomment the following:
Note: The RemoteAddrValve property expects a regular expression, therefore periods and other regular expression meta-characters must be escaped.
Default Value:
By default, this configuration is not present.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.