Skip to main content

Hi, All. I need more information about what web-server A360 uses for the control room. My architecture team assumed it was IIS but, this appears to be untrue. I've read some content that hints at something that is Java Based but, I need more information. My security team is going to want to know what it is and how we secure the technology. If it were IIS, we'd apply a CIS Benchmark to it.

 

For context, I work in a highly regulated industry.

 

Thanks!


https://aa2019packagesdkfordocumentation.s3-us-west-2.amazonaws.com/A2019-on-premises/A2019.19-on-premises.pdf

Hi @Josh Willis​ ,

 

I'd recommend opening a support ticket with AA using below link and schedule a call between AA and your IT for clarifications.

 

https://apeople.automationanywhere.com/s/support/p>

 

if you don't have access to the above link, Send an email to AA Support team "apeopleopsteam@automationanywhere.com" to get the access.

 


Thanks, Chandu. I am pursuing that route but so far am only able to get "It's Java based". I need a whole lot more detail than that. So, I am hoping someone here has more familiarity with it.

 

Thanks!

 

 


Hi @Josh Willis​ ,

 

Jetty is an embedded web server that is used by the A360 Control Room.

It is protected by a reverse proxy called Traefik which implements front-end controls for the application server. The reverse proxy is configured as part of our build process (OEM) to provide the following web security controls: HTTP Strict Transport Security (HSTS), Cross Site Scripting Protection (XSS), Content Security Policy (CSP), Same Origin Policy, and X-Content-Type-Options Cross-Origin Read Blocking (nosniff). 

 

The Traefik reverse proxy configuration files are:

C:\Program Files\Automation Anywhere\Enterprise\traefik\traefik.toml

C:\Program Files\Automation Anywhere\Enterprise\traefik\config\rules.toml

 

Hope this helps.

 

Thanks.


Reply