views:

414

answers:

1

Does WebSphere offer an HTTP input filter / firewall like mod_security?

I know that it's possible to have Apache be the HTTP server front-end to WebSphere, but that type of configuration is beyond my influence. We're stuck using just what WebSphere itself can do.

EDIT - To clarify, I am not looking for authentication, authorization, or non-repudiation aspects of security here. I want a rule-based HTTP firewall like mod_security that works on WebSphere.

Also, I know that in version 1.x, there was a partial implementation of mod_security in Java. We currently have a custom, in-house solution that is a work-alike, but less arbitrarily configurable. Thanks!

+1  A: 

J2EE has a standard way of securing it's apps. I recommend using this. If what you are trying to do is oddball, you could look at Custom User Registries (IBM specific), or implement a custom system all together with Servlet Filters.

Konrad
Thanks for your response. We have currently implemented filtering using Servlet Filters. However, we are not in the HTTP input filtering business, so I'd rather use a prepackaged solution like mod_security.
shadit