Problem: Protecting Cognos 10 App Server

The Cognos 10 application runs within an application server. As a result it is vulnerable to attacks over the Internet through the open ports for WWW traffic.

Here are some notes on CAF.

Ant

http://publib.boulder.ibm.com/infocenter/caapps/v8r4m0/topic/com.ibm.swg.im.cognos.inst_apps.8.4.0.doc/inst_apps_i_cnfg_CAF.html

You can track firewall activity by checking the log file, which contains rejected requests only. If firewall validation fails, you can check the log file to find where the failure occurred. By default, log messages are stored in the c8_location/logs/cogserver.log file. In a gateway-only installation, the file is named caf.log. If you configure a destination for log messages, IBM Cognos Application Firewall log messages are sent to the specified destination.

IBM Cognos Application Firewall also has a Secure Error feature, which gives administrators control over which groups or users can view detailed error messages. For more information, see the IBM Cognos 8 Administration and Security Guide.