Hello ,
I am performing hardening on Tomcat Apache server. Its part of Apex and ORDS is installed on Apache.
While performing below hardening changes, application stops working. I need help to solve the problems and make it working.
Perform the following:
1. Add the following statement into the $CATALINA_BASE\webapps\ords\META-INF\context.xml file if it does not already exist.
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="$CATALINA_HOME/logs/" prefix="access_log" fileDateFormat="yyyy-MM-dd.HH" suffix=".log" pattern="%h %t %H cookie:%{SESSIONID}c request:%{SESSIONID}r %m %U %s %q %r" />
If i created file under ORDS application,Application stops working.
2. Starting Tomcat with Security Manager
$CATALINA_HOME/bin/catalina.sh start -security
3. Disabling auto deployment of applications
In the $CATALINA_HOME/conf/server.xml file, change autoDeploy="false" and deployOnStartup="false".
4. Enable strict servlet Compliance and Turn off session façade recycling
Ensure the below parameter is added to the startup script which by default is located at $CATALINA_HOME/bin/catalina.sh.
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
-Dorg.apache.catalina.connector.RECYCLE_FACADES=true