The sample tools and components described in this chapter provide models for web services customization. The various components can be used in your environment, as appropriate.
Important: Web services are meant to be used for testing SOAP API calls and should never be exposed publicly. There are several ways to prevent the /webservices directory from being accessed:
By using advanced firewall rules.
By using load balancing rules.
By restricting the path in the apache-tomcat/conf/server.xml file.
If you have developers who work with SOAP API calls and need access to /webservices, you could implement one of the first two options so that the URL can only be accessed internally. The third option completely disables any /webservices path.
To implement the third option, open the server.xml file with a text editor and add the following lines within <Host> elements: