In our web application honeypots, we do see continuing scans for "/manager/html". While our honeypot doesn't (yet) fully simulate this Tomcat administrative interface, these scans are usually used to find unprotected Tomcat manager URLs.
The full request:
Today's top sources of these scans are:
220.127.116.11 (<-- by far the largest source)
OWASP got a brief guide on securing Tomcat: https://www.owasp.org/index.php/Securing_tomcat
See the "Securing Manager WebApp" for details on protecting your management interface.
Defending Web Applications Security Essentials - SANS San Francisco Winter 2019
Apr 20th 2015
4 years ago