Is it possible to whitelist a list of ips who get access to the manager web interface, or is the firewall the only option ? Also, is there a way to auto login (e.g.
http://user:pass@server:8088), use ldap integration, ... ?
Of course, but someone could bruteforce it, DDoS, or other tricks (SQL injection, CSRF, ... who knows). Sounds like good practice not to let anyone access the admin login interface, a bit like an ssh server... Especially on a publically accessible server :)
Anyway, firewall is the way to go then. Thank you anyway.