How to remove access to infomation pages for unauthenticated users. List of Yellowfin information pages.

The list of YF "information" pages that are available to users without authenticating are:

info.jsp
info_browser.jsp
info_cache.jsp
info_threads.jsp

The contents of info.jsp is available to authenticated admin users through the admin console via the System Information link. The other info pages do not have any corresponding pages within the application.

Clients might want to remove access to these pages to unauthenticated users. This can be accomplished by adding the following excerpt to the Yellowfin/appserver/webapps/ROOT/WEB-INF/web.xml file, just before the closing tag :



server-info
/info.jsp
/info_browser.jsp
/info_cache.jsp
/info_threads.jsp


denyaccess

Restart Yellowfin and test!

Is article helpful?