The first line of defense of the Tomcat based primary MetaKarta server or any of its metadata harvesting agents / MIMB servers requires a proper firewall setup. As a last line of defense, the tomcat remote address valve can be configured for access control.
In such case the Tomcat of any metadata harvesting agents / MIMB
server should configure with a valve to only accepts requests from its
associated primary MM server.
This requires to edit the file tomcat/conf/MetaKarta/localhost/MIMBWebServices.xml
in order to add the
following line:
<Valve
className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"\>
For more details on configuring Tomcat access control with valve,
see Tomcat's documentation at:
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Valve