In our web application honeypots, we do see continuing scans for "/manager/html". While our honeypot doesn't (yet) fully simulate this Tomcat administrative interface, these scans are usually used to find unprotected Tomcat manager URLs.
The full request:
Today's top sources of these scans are:
18.104.22.168 (<-- by far the largest source)
OWASP got a brief guide on securing Tomcat: https://www.owasp.org/index.php/Securing_tomcat
See the "Securing Manager WebApp" for details on protecting your management interface.
Intrusion Detection In-Depth - SANS Boston Summer 2019
Apr 20th 2015
4 years ago