AnsweredAssumed Answered

Disable Rest API -> disable "data/query?" access to MOM

Question asked by richardgreen_SSA on Feb 28, 2018
Latest reply on Mar 6, 2018 by richardgreen_SSA

Business Requirement:

Unrestricted access to APM public REST API is flagged as a vulnerability by Enterprise Security penetration test.

 

Attempting to disable access to public REST API by setting introscope.public.restapi.enabled=false in IntroscopeEnterpriseManager.properties.

 

 

Expected:

 

HTTP error response to metric data query (Example http://momhost:8081/data/query?agentRegex=(.*)&metricRegex=.*:Responses+Per+Interval&relativeTime=last1min&period=120&format=xml)

 

 

Instead:
The metric data values matching the input query is returned.

Outcomes