
External pentest on API Portal show that port 8083 is showing unwanted information for druid


Article ID: 241865


Updated On:


CA API Developer Portal


Following an external pentest of the developer portal, we found that:

  1. The http://portalhost:8083/application.wadl URI is providing too much information to users without encryption. Is it possible to close port 8083 completely or automatically forward it to an HTTPS port? Additionally, can we disable the application.wadl URI entirely?
  2. http://portalhost:8083/status/properties displays an outdated log4j version.


Release : 4.5, 5.x

Component :


Port 8083 is the default published port of the Druid historical container. If needed, you can unpublish this port by running:

      docker service update portal_historical --publish-rm 8083

This only changes the running service. To make the change persist when the portal is redeployed, do the following:

Run keep; this saves the analytics.yml and docker-compose.yml after the deployment.

Edit the saved analytics.yml and remove the port 8083 mapping.

If the change must also survive a redeployment of the portal, update the deployment script so that the following section deploys the updated analytics.yml:

      if [[ "${AE}" == y ]]; then
          # Write the analytics.yml contents held in ANALYTICS_YML to a temp file;
          # this variable must contain the edited file for the change to persist
          echo "${ANALYTICS_YML}" > "$tmpfile"
          # Deploy the portal stack from that file
          docker stack deploy --with-registry-auth --compose-file "$tmpfile" portal
          rm "$tmpfile"
      fi

Keep in mind that an upgrade will replace the file, so the edit has to be re-applied after upgrading.
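As an added example (not code from this article or from the portal product), the shell functions below remove a published port mapping from a compose-style YAML such as analytics.yml and also drop a ports: key that the removal leaves empty, which a compose file would otherwise reject. The service names, image names and file layout of the sample are constructed for the example; the real analytics.yml may be laid out differently, and the curl check at the end needs network access to the portal host and is not run offline.

```shell
#!/bin/sh
# Added example, not part of the KB article or of the portal deployment scripts.
# Assumes the compose file lists published ports as "host:container" items
# under a "ports:" key; the sample file below is constructed for this example.
set -eu

# Print $1 with every "- "PORT:..."" item whose host port is $2 removed.
# A "ports:" header left without items is dropped as well, because an
# empty "ports:" key makes the compose file invalid.
strip_published_port() {
  file="$1"
  port="$2"
  awk -v port="$port" '
    # Skip the list item that publishes the host port (quoted or unquoted).
    $0 ~ ("^[ \t]*-[ \t]*\"?" port ":[0-9]+\"?[ \t]*$") { next }
    {
      if (pending != "") {
        # Emit a held "ports:" header only if a list item still follows it.
        if ($0 ~ /^[ \t]*-[ \t]/) print pending
        pending = ""
      }
      if ($0 ~ /^[ \t]*ports:[ \t]*$/) { pending = $0; next }
      print
    }
  ' "$file"
}

# Return 0 if host port $2 is still published in compose file $1.
port_is_published() {
  grep -Eq "^[[:space:]]*-[[:space:]]*\"?${2}:[0-9]+\"?[[:space:]]*$" "$1"
}

# Return 0 if nothing on host $1 answers HTTP on port $2 any more
# (e.g. check_port_closed portalhost 8083 after the redeploy). Needs network.
check_port_closed() {
  ! curl -s -m 5 -o /dev/null "http://$1:$2/"
}

# Constructed sample in the style of a stack file: writes it to $1.
make_sample_yml() {
  cat > "$1" <<'EOF'
version: "3.3"
services:
  historical:
    image: example/druid-historical:latest
    ports:
      - "8083:8083"
    networks:
      - portal
  broker:
    image: example/druid-broker:latest
    ports:
      - "8082:8082"
EOF
}

# Demo: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp)
  make_sample_yml "$tmp"
  strip_published_port "$tmp" 8083
  rm -f "$tmp"
fi
```

The deployment section in the article writes the contents of the ANALYTICS_YML variable to the compose file it deploys, so whatever populates that variable has to read the edited file, for example ANALYTICS_YML=$(strip_published_port analytics.yml 8083) (an assumed usage, since the article does not show how ANALYTICS_YML is set).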

The log4j warning appears because this is an old portal version. Upgrading to the latest portal version upgrades Druid, which in turn upgrades the log4j version that Druid uses.