In our web application honeypots, we do see continuing scans for "/manager/html". While our honeypot doesn't (yet) fully simulate this Tomcat administrative interface, these scans are usually used to find unprotected Tomcat manager URLs.
The full request:
Today's top sources of these scans are:
184.108.40.206 (<-- by far the largest source)
OWASP got a brief guide on securing Tomcat: https://www.owasp.org/index.php/Securing_tomcat
See the "Securing Manager WebApp" for details on protecting your management interface.
Intrusion Detection In-Depth - SANS Las Vegas Spring 2020
Apr 20th 2015
5 years ago