Security

Security hints
- Protect ini file
- IP restriction

Security hints

Protect ini file

The ini file can contain credentials for databases or api secrets if checks must test its acess.

If possible put them outside webroot or
protect its access with http, put it into a folder “protected” below webroot and deny the access

Snippet for Apache httpd:

  <Location "/protected">
    Require all denied
  </Location>

IP restriction

The request to exec the amcli (or the generated static json file) should be protected. Maybe your output has no sensitive information but maybe it does on error. The monitoring request is not for the public.

Dynamic requests depending on the kind of checks can run a bit longer and could be misused for DOS attacks.

You can set an ip restriction to the ip address of your appmonitor server instance + localhost.

Snippet for Apache httpd:

<location "/appmonitor">
    Require ip 192.168.100.10
    Require ip 127.0.0.1
</Location>

Table of Contents

#Security hints

#Protect ini file

#IP restriction

Security hints

Protect ini file

IP restriction