Enabling access to the ping servlet

Although the ping servlet is useful for remote debugging, it might reveal sensitive server information. To protect sensitive information, you can enable access for the servlet by using both basic HTTP authentication and client network address filtering. After you enable access to the ping servlet, you can check the status of the application.

Before you begin

The ping servlet security feature is enabled in version 6.5.1 and later of IBM® Rational® Focal Point™.

Procedure

  1. To configure the HTTP basic authentication role, in the application server, assign the ping role:
    • On Apache Tomcat: Create a user with the ping role.
    • On IBM WebSphere® Application Server: Map the ping security role to the users or groups.
    For more information about assigning the ping role in Apache Tomcat and WebSphere Application Server, see the documentation for those servers.
  2. In Rational Focal Point, specify the client network address that can access the ping servlet option:
    1. Click Application > Security.
    2. In the Networks With Access to the Ping Servlet field, specify the range of network addresses by using CIDR notation. Use commas or semicolons to separate the addresses.
      Restrictions:
      • Both IPv4 and IPv6 network addresses are supported.
      • By default, only localhost (127.0.0.1/32 or ::1/128) is allowed.
      • If the configuration involves a load balancer or another proxy, the address of that proxy must be in one of the configured network address ranges.

What to do next

You can now check the status of Rational Focal Point from a web browser by using the commands. For more information, see “Commands to monitor Rational Focal Point.”

Feedback