"Hi, you have reached the QaaWS HTTP Servlet" How

server administration XI Server Discussion
1

Hey everyone. I’ve got a problem that’s stumped me. I’m working with QaaWS for an Xcelsius project over secure http, and am trying to disable the “Hi, you have reached the QaaWS HTTP Servlet.” message. Basically, this is advertising to potential intruders that they have reached a service and provides a focal point for attempts in unauthorized access.

The link that is generated by the service is in this format:

https://<qualified.servername>/dswsbobje/qaawsservices/queryasaservice?&amp;cuid=<cuid goes here>&amp;authType=secEnterprise&amp;locale=en_US&amp;timeout=60

So, I’ve gone the webapps folder and looked for qaawsservices or even the “Hi, you have reached…” message and found nothing.

Any ideas?

Ruune :us: (BOB member since 2007-08-13)

2

The message is embedded in the QaaWSServlet.class file that is in the dsws-managequeryasaservice-ws.jar file under dswsbobje/WEB-INF/lib.

Looking in the web.xml file the mapping for the URL is handled here


    <servlet-mapping>
        <servlet-name>QaaWSServlet</servlet-name>
        <url-pattern>/qaawsservices/*</url-pattern>
    </servlet-mapping>

which points to here


   <servlet>
        <servlet-name>QaaWSServlet</servlet-name>
        <servlet-class>com.businessobjects.qaaws.internal.transport.QaaWSServlet</servlet-class> 
        <load-on-startup>1</load-on-startup>
    </servlet>

Not sure if it is possible to turn off the message although I am wondering if by changing the mappings it would be possible to redirect the URL to another page that doesn’t give any information. Might even be able to deny access to the URL through the tomcat configuration. Have to look into this when time permits…

jwhite9 :us: (BOB member since 2006-07-28)

3

agreed… however if you change it, wont it send legitimate QaaWS requests somewhere else, or deny those as well?

Ruune :us: (BOB member since 2007-08-13)