How can we easily remove the Designer portal for production system hardening? T

You could do two things:

1. Enable DEBUG mode for the following logger

log4j.logger.com.appiancorp.ix=DEBUG

2. Enable the access log in JBoss by un-commenting the following element in <JBOSS_HOME>\\server\\all\\deploy\\jbossweb.sar\\server.xml if using Appian 7.0 and older:

Valve className="org.apache.catalina.valves.AccessLogValve"
prefix="localhost_access_log." suffix=".log"
pattern="common" directory="${jboss.server.log.dir}"
resolveHosts="false" />


With these two things you will know when an import takes place:

1. The application server log will show you when an import complete

2013-08-08 05:12:04,925 INFO [STDOUT] (http-0.0.0.0-8080-4) 2013-08-08 05:12:04,925 [http-0.0.0.0-8080-4] DEBUG com.appiancorp.ix.diagnostics.Diagnostics - application _a-0000d78f-53c2-8000-ac7a-680000680000_476 180 Post-transport update done.

2. The access log will show the attempt to do the import

127.0.0.1 - - [08/Aug/2013:05:12:05 +0000] "POST /suite/applications/importApplications.bg?%24e=asiDialog&appian_mp_csrf=1dcb54c4-db85-4205-83f5-176faaf8dcee&appian_environment=designer HTTP/1.1" 200 4681
127.0.0.1 - - [08/Aug/2013:05:12:07 +0000] "POST /suite/framework/backgroundAction.none?appian_environment=designer HTTP/1.1" 200 49435

3. The login-audit.csv gives you an idea of what users were accessing

2013-08-08 05:11:35,Administrator,Succeeded,127.0.0.1,

I am trying to redirect the access to Tempo to Apps by reusing the attached servlet filter plugin for Designer. I modified it to build another filter plugin which successfully blocked the Tempo access (an audit requirement to disable it for a specialised Appian instance) but it does not get redirected to apps portal. Just wonder why Tempo urls behave differently from Designer urls in this case?

Why can't you do that at the web server level? Just make the default environment apps in custom.properties and at the web server level create a redirect to force /tempo/ to go to to /apps/